1. SQL statements
When we query the database directly, we use statements such as:
SELECT * FROM UserInfo WHERE userid = '1' or 1;
SELECT * FROM UserInfo WHERE username = "JFL";
2. The problem
Java programs usually connect to a database (MySQL, Oracle, etc.) to work with data. Queries often use a WHERE clause, and that is where we need to pay attention to the quotation marks.
3. Example
In Java, the value compared in the WHERE clause has to come from a variable, such as userid or username. Clearly, writing the variable name directly inside the SQL string, as in the following code, does not meet that requirement:
public static HashMap<String, String> selectDataGetRecordMap(String id) throws SQLException {
    // Here id (or 'id') is plain text inside the string, so the variable's value is never used.
    String sql = "SELECT * FROM userinfo WHERE CustomerID = id or 'id'";
    HashMap<String, String> map = GenericDaoOper.queryGetRecordMap(sql);
    return map;
}
Scanner sc = new Scanner(System.in);
System.out.println("Please enter the ID of the desired query:");
String id = sc.nextLine();
System.out.println(Inser.selectDataGetRecordMap(id));
Workaround:
id => '" + id + "'
"SELECT * FROM userinfo WHERE userid = '" + id + "'";
Note: the order is single quote, double quote, + variable +, double quote, single quote.
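The quoting rule above only holds while the value itself contains no single quote. The following added example (not code from the original page) puts the concatenated statement next to a JDBC PreparedStatement version that needs no quotation marks around the value at all. The class name UserInfoQuery, the method names and the sample ids are assumptions, and selectByUserId expects an open java.sql.Connection to a database that contains the page's userinfo table.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;

public class UserInfoQuery {

    // The page's workaround: the value is pasted between two single quotes.
    static String concatenatedSql(String id) {
        return "SELECT * FROM userinfo WHERE userid = '" + id + "'";
    }

    // Same query with a ? placeholder: no quotes are written around the value,
    // and the driver passes it as data, whatever characters it contains.
    static Map<String, String> selectByUserId(Connection conn, String id) throws SQLException {
        String sql = "SELECT * FROM userinfo WHERE userid = ?";
        Map<String, String> row = new HashMap<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, id); // bind the first (and only) placeholder
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    ResultSetMetaData md = rs.getMetaData();
                    for (int i = 1; i <= md.getColumnCount(); i++) {
                        row.put(md.getColumnLabel(i), rs.getString(i));
                    }
                }
            }
        }
        return row;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain id and one containing an apostrophe.
        for (String id : new String[] {"1", "O'Brien"}) {
            System.out.println(concatenatedSql(id));
        }
        // With the second input the apostrophe closes the quoted literal early,
        // so the text after it is parsed as SQL instead of as part of the value.
        // selectByUserId(conn, "O'Brien") has no such problem, because the
        // statement text never changes with the input.
    }
}
```

Because user input can never change the structure of the prepared statement, the placeholder form also removes the SQL injection risk that quote-and-concatenate code carries.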
Quotation mark problems for SQL statements in Java