java—如何在where条件之后的查询中显示以下条件

ogsagwnx  于 2023-01-29  发布在  Java
关注(0)|答案(0)|浏览(207)
I want avoid SQL injection problem using the concatenation.

在这里,我想展示这个条件查询,以避免sql注入。

String matchName = helper.trim(request.getParameter("txtName"));
            if (StringUtils.isNotBlank(matchName)) {
                if (searchCondition.length() > 0)
                    searchCondition.append(" AND ");
                searchCondition.append("PROV_NM_1_TXT LIKE '" + "%"
                        + matchName.toUpperCase() + "%" + "'");

            }

            String matchBusinessName = helper.trim(request
                    .getParameter("txtBusName"));

            if (StringUtils.isNotBlank(matchBusinessName)) {
                if (searchCondition.length() > 0)
                    searchCondition.append(" AND ");
                searchCondition.append("PROV_NM_1_TXT LIKE '" + "%"
                        + matchBusinessName.toUpperCase() + "%" + "'");
            }

            String matchLicense = helper.trim(request

            .getParameter("txtLicenseNumber"));
    if (StringUtils.isNotBlank(matchLicense)) {
        if (searchCondition.length() > 0)
            searchCondition.append(" AND ");
                searchCondition.append("LCNS_NBR='" + matchLicense + "'");
            }

上面的条件我想在查询中呈现

Javasqlprepared-statementcheckmarx

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com