2012-05-28 52 views
1

Different results from JDBC and MySQL for SQL select date where datetime > date

I am trying to select a subset of entries from a table based on DATETIME. On the command line, I enter

SELECT * FROM routes_table WHERE time > '2012-05-28 11:01:01' ORDER BY time 

and I get

mysql> SELECT * FROM routes_table WHERE time > '2012-05-28 11:01:01' ORDER BY time;
+-----------+--------------+------+---------------------+--------------+
| driver    | type         | num  | time                | destination  |
+-----------+--------------+------+---------------------+--------------+
| Ma Lvjing | Bus          | B127 | 2012-06-22 15:00:00 | Colina Hotel |
+-----------+--------------+------+---------------------+--------------+
1 row in set (0.00 sec)

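However, when the exact same query is executed through JDBC, I get all the results of the table, including entries whose time is earlier than '2012-05-28 11:01:01'. Any idea why this is happening?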

This is part of the JDBC code, in a JSP

String database = "routes";
String routes_table = "routes_table";
String column_time = "time";
<%
    try {
        Class.forName("com.mysql.jdbc.Driver"); // Load the MySQL driver
        con = DriverManager.getConnection("jdbc:mysql://localhost/"
                + database, "root", "admin");
        stmt = con.createStatement();

        String currentDATETIME = new TimeToolbox().getCurrentDATETIME();

        rs = stmt.executeQuery("SELECT * FROM " + routes_table + " WHERE "
                + column_time + " > '" + currentDATETIME + "'"
                + " ORDER BY " + column_time);
%>
+1

You'd better show the code. – xdazz

+0

Thanks for the suggestion –

+0

OK, now that we have it, what is TimeToolbox? Are you sure `getCurrentDATETIME()` returns correctly? I strongly recommend you use prepared statements, btw. –

Answers

1

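You should use Prepared Statements with parameters and pass the value of the date with a Date variable; this way you will most likely solve the problem and prevent SQL injection...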

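String query = "SELECT * FROM " + routes_table + " WHERE "
        + column_time + " > ?"
        + " ORDER BY " + column_time;
PreparedStatement prest = con.prepareStatement(query);
// setDate() takes a java.sql.Date, which has no no-argument constructor
prest.setDate(1, new java.sql.Date(System.currentTimeMillis()));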
+0

Thanks for the suggestion, but it doesn't seem to work either. `String selectString = "SELECT * FROM " + routes_table + " WHERE " + column_time + " > " + "?" + " " + "ORDER BY " + column_time; System.out.println(selectString); PreparedStatement selectEntries = con.prepareStatement(selectString); selectEntries.setDate(1, new java.sql.Date(System.currentTimeMillis())); System.out.println(selectEntries.toString()); selectEntries.execute();` It generates SELECT * FROM routes_table WHERE time > '2012-05-28' ORDER BY time but the result is the same –
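An added example, not part of the thread and not the poster's code: the same query with the cutoff bound through setTimestamp, so the time of day reaches the server, shown next to what java.sql.Date keeps of the same instant. The class name RoutesAfter, the method routesAfter and the optional connection arguments are assumptions; the table and column names are taken from the mysql output in the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class for illustration; not code from the thread.
public class RoutesAfter {
    // Identifiers cannot be bound as parameters, so they stay compile-time
    // constants here; only the cutoff value is supplied at run time.
    private static final String QUERY =
            "SELECT driver, type, num, time, destination FROM routes_table"
            + " WHERE time > ? ORDER BY time";

    /** Returns "num @ time" for every route later than the cutoff. */
    static List<String> routesAfter(Connection con, Timestamp cutoff) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setTimestamp(1, cutoff); // binds date and time of day
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString("num") + " @ " + rs.getTimestamp("time"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample value: the cutoff literal used in the question.
        Timestamp cutoff = Timestamp.valueOf("2012-05-28 11:01:01");
        // java.sql.Date.toString() prints only yyyy-mm-dd, matching the
        // date-only literal in the statement printed in the comment above.
        java.sql.Date dateOnly = new java.sql.Date(cutoff.getTime());
        System.out.println("as java.sql.Date: " + dateOnly);
        System.out.println("as Timestamp:     " + cutoff);

        // Optional (assumed arguments): JDBC URL, user, password of a test database.
        if (args.length == 3) {
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                routesAfter(con, cutoff).forEach(System.out::println);
            }
        }
    }
}
```

Run without arguments, it needs no database and only prints the two renderings of the cutoff, which can be compared with the literal typed into the mysql client.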