javaʱ¼äº¯Êý£¬ÒÔ¼° sql ʱ¼ä·¶Î§²éÕÒ ´úÂë
String keyword = request.getParameter("keyword");
String timeRange = request.getParameter("timeRange");
String type = request.getParameter("type");
StringBuffer sql = new StringBuffer();
sql.append("use webstation_leadall select f.id,f.title,f.publishtime from information f left join infotype t on f.typeid=t.id where ");
if( (keyword == null)|| (keyword.equals("")) ){
sql.append("title like '%' and ");
}else {
sql.append("title like '%"+keyword +"%' and ");
}
if(timeRange.equals("")||timeRange==null){
sql.append("");
}else{
//Calendar cal = Calendar.getInstance();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd kk:mm:ss");
//String now = sdf.format(cal.getTime());
String begintime = "";
String endtime = "";
java.util.Date myDate=new java.util.Date();
long myTime = 0;
if(timeRange.equals("1")){
myTime=((myDate.getTime()/1000)-60*60*24)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("3")){
myTime=((myDate.getTime()/1000)-60*60*24*3)*1000;
begintime = sdf.format(new java.util.Date(myTime));
endtime = sdf.format(myDate);
//System.out.println("------"+begintime+"+++++"+endtime);
}else if(timeRange.equals("7")){
myTime=((myDate.getTime()/1000)-60*60*24*7)*1000;
&n
Ïà¹ØÎĵµ£º
1.˵Ã÷£º¸´ÖƱí(Ö»¸´Öƽṹ,Ô´±íÃû£ºa бíÃû£ºb)
SQL: select * into b from a where 11
2.˵Ã÷£º¿½±´±í(¿½±´Êý¾Ý,Ô´±íÃû£ºa Ä¿±ê±íÃû£ºb)
SQL: insert into b(a, b, c) select d,e,f from a;
3.˵Ã÷£ºÏÔʾÎÄÕ¡¢Ìá½»È˺Í×îºó»Ø¸´Ê±¼ä
SQL: select a.title,a.username,b.adddate from table a,(select max(adddat ......
Ò»¡¢¼òµ¥²éѯ
¡¡¡¡ ¼òµ¥µÄTransact-SQL²éѯֻ°üÀ¨Ñ¡ÔñÁÐ±í¡¢from×Ó¾äºÍWHERE×Ӿ䡣
ËüÃÇ·Ö±ð˵Ã÷Ëù²éѯÁС¢²éѯµÄ
±í»òÊÓͼ¡¢ÒÔ¼°ËÑË÷Ìõ¼þµÈ¡£
ÀýÈ磬ÏÂÃæµÄÓï¾ä²éѯtesttable±íÖÐÐÕÃûΪ“ÕÅÈý”µÄnickname×ֶκÍemail×ֶΡ£
SELECT nickname,email
from testtable WHERE name='ÕÅÈý'
(Ò»)Ñ¡ÔñÁбí
¡ ......
ÔÚ·Ö×éÅÅÐò¹ý³ÌÖÐÐèҪн¨ÅÅÐòÁУ¬°´Ìõ¼þ:(ÎïÁÏ·ÖÀà+¿Í»§Ãû³Æ) ½øÐзÖ×é»ã×Ü È»ºó¾Í¸ù¾Ý¸ÃÌõ¼þ½øÐÐÅÅÐò
1.ÐèҪƴ´ÕÁ½ÁÐ ×÷ΪÅÅÐòÁÐ,ÈçÐè¼ÓÈëÌØÊâ×Ö·û.¾Í»á±¨´í.
ÒòΪ±¾Éí¸Ä×ֶξÍÊÇvarcharÀàÐÍ ÐèÒª½«charÀàÐÍ'_' ת»»³Évarchar
2.Æ´´Õ¹ý³ÌÖÐÓпոñÐèҪȥ¿Õ¸ñ
e.g£ºselect (trim(ÎïÁÏ·ÖÀà)+to_char( ......
==============================================
µÚ1½²
ÔÚÏß¹Û¿´£º http://www.boobooke.com/v/bbk1389
ÊÓÆµÏÂÔØ£º http://www.boobooke.com/v/bbk1389.zip
µÚ2½²
ÔÚÏß¹Û¿´£º http://www.boobooke.com/v/bbk1390
ÊÓÆµÏÂÔØ£º http://www.boobooke.com/v/bbk1390.zip
µÚ3½²
ÔÚÏß¹Û¿´£º http ......
¡¾ÔÎĵØÖ·¡¿Tip/Trick: Guard Against SQL Injection Attacks
¡¾ÔÎÄ·¢±íÈÕÆÚ¡¿ Saturday, September 30, 2006 9:11 AM
SQL×¢Èë¹¥»÷ÊǷdz£ÁîÈËÌÖÑáµÄ°²È«Â©¶´£¬ÊÇËùÓеÄweb¿ª·¢ÈËÔ±£¬²»¹ÜÊÇʲôƽ̨£¬¼¼Êõ£¬»¹ÊÇÊý¾Ý²ã£¬ÐèҪȷÐÅËûÃÇÀí½âºÍ·ÀÖ¹µÄ¶«Î÷¡£²»ÐÒµÄÊÇ£¬¿ª·¢ÈËÔ±ÍùÍù²»¼¯Öл¨µãʱ¼äÔÚÕâÉÏÃæ£¬ÒÔÖÁËûÃǵÄÓ¦Ó㬠......