當我運行下面的程序如何保持報價進行正確的SQL查詢
package com.util;
import java.util.ArrayList;
public class Test {
public static void main(String[] args) throws Exception {
ArrayList<String> list_of_symbols = new ArrayList<String>();
list_of_symbols.add("ABB");
list_of_symbols.add("ACC");
list_of_symbols.add("SBIN");
StringBuilder sb_builder = new StringBuilder();
for (int i = 0; i < list_of_symbols.size(); i++) {
sb_builder.append(list_of_symbols.get(i) + ",");
}
String sql = "Select * from data where symbol_name IN ("
+ sb_builder.deleteCharAt(sb_builder.length() - 1).toString()
+ ")";
System.out.println(sql);
}
}
SQL的結果是
Select * from data where symbol_name IN (ABB,ACC,SBIN)
凡爲預期的結果應該是
Select * from data where symbol_name IN ('ABB','ACC','SBIN')
請問我可以讓我知道如何保持行情,使其變得有效SQL
只是將'''添加到您的查詢字符串 – Ramanlfc
你不能保留它們,因爲它們不在那裏。你必須添加它們。 –
offtopic:組合字符串使得SQL注入成爲可能,你應該避免這種情況 – svenhornberg