jfinal多条件查询防⽌SQL注⼊
String sql = "select * from user where 1 = 1 ";
List<Object> params = new ArrayList<Object>();
if(!StringUtils.isEmpty(username)){
sql += " and username like ?";
params.add("%"+username+"%");
}
if(!StringUtils.isEmpty(email)){
sql +=" and email like ?";
params.add("%"+email+"%");
}
if(!StringUtils.isEmpty(company)){
sql +=" and company like ?";
params.add("%"+company+"%");
}
if(status != null){
sql += " and status = ?";
params.add(status);
}
if(duestatus != null){
if(duestatus == 1){
sql += " and date(duedate) < date(now())";
}else{
sql += " and date(duedate) > date(now())";
}
jfinal增删改查}
sql +=" order by regdate desc";
return db().findList(sql, page, size, Array());
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论