When writing SQL statements, `?` is often used as a placeholder, because it prevents SQL injection: whatever it stands for is bound as a value and is never parsed as SQL syntax. But in some situations your SQL statement needs to contain SQL syntax itself, and using a placeholder there can cause an error!
For example (Apache Commons DbUtils `QueryRunner` with a Druid data source):
import org.apache.commons.dbutils.QueryRunner;

QueryRunner queryRunner = new QueryRunner(DruidUtils.getDataSource());
// uidStr is bound as ONE value, e.g. the single string "2,4"
int row = queryRunner.update("delete from user where uid in (?)", uidStr);
When uidStr="2,4", executing the SQL statement raises an error:
java.sql.SQLException: Data truncation: Truncated incorrect DOUBLE value: '3,4' Query: delete from user where uid in (?) Parameters: [3,4]
This happens because the whole string is bound as a single value, so the comma between 2 and 4 is not interpreted as the SQL list separator, and the database fails trying to treat "2,4" as one number.
Workaround:
int row = queryRunner.update("delete from user where uid in (" + uidStr + ")");
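The following is an added example, not code from the original post: it keeps the ids going through parameter binding by generating one `?` per id, so the `IN` list is still driven by the data while the SQL text stays fixed. `DruidUtils.getDataSource()` is assumed to be the post's own helper; the method names `buildDeleteSql`, `parseIds` and `deleteUsers` are mine.

```java
import java.sql.SQLException;
import org.apache.commons.dbutils.QueryRunner;

public class SafeInDelete {

    // Build "delete from user where uid in (?,?,...)" with one placeholder per id,
    // so each id is bound as a parameter instead of being spliced into the SQL text.
    static String buildDeleteSql(int count) {
        if (count <= 0) {
            throw new IllegalArgumentException("IN list must not be empty");
        }
        StringBuilder sb = new StringBuilder("delete from user where uid in (");
        for (int i = 0; i < count; i++) {
            if (i > 0) {
                sb.append(',');
            }
            sb.append('?');
        }
        return sb.append(')').toString();
    }

    // Turn the comma-separated string into typed ids; anything that is not an
    // integer is rejected with a NumberFormatException before any SQL is run.
    static Object[] parseIds(String uidStr) {
        String[] parts = uidStr.split(",");
        Object[] ids = new Object[parts.length];
        for (int i = 0; i < parts.length; i++) {
            ids[i] = Integer.valueOf(parts[i].trim());
        }
        return ids;
    }

    // QueryRunner.update(String sql, Object... params) binds every element of ids
    // to its own '?', so "2,4" becomes "... in (?,?)" with parameters [2, 4].
    static int deleteUsers(QueryRunner queryRunner, String uidStr) throws SQLException {
        Object[] ids = parseIds(uidStr);
        String sql = buildDeleteSql(ids.length);
        return queryRunner.update(sql, ids);
    }

    public static void main(String[] args) throws SQLException {
        // DruidUtils.getDataSource() is the post's own helper (assumed available here).
        QueryRunner queryRunner = new QueryRunner(DruidUtils.getDataSource());
        int row = deleteUsers(queryRunner, "2,4");
        System.out.println("deleted rows: " + row);
    }
}
```

With this layout the SQL text depends only on the number of ids, never on their contents, and `parseIds` rejects input that is not a list of integers before the query is sent.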