查询记录条数
String sql = "select count(*) from tb_user";
int count = jdbcTemplate.queryForObject(sql, Integer.class);
按条件查询记录条数,通过?参数绑定
String sql = "select count(*) from tb_user where username = ?";
int count = jdbcTemplate.queryForObject(sql, Integer.class, "Tom");
或者
String sql = "select count(*) from tb_user where username = ?";
Object[] params = new Object[]{"Tom"};
int count = jdbcTemplate.queryForObject(sql, params, Integer.class);
同理,查询一个String字段的值
String sql = "select username from tb_user where user_id = ?";
Object[] params = new Object[]{"0ff5771760c1483abaefa7a3e530ea6d"};
String username = jdbcTemplate.queryForObject(sql, params, String.class);
查询多个字段,返回一个Map
String sql = "select user_id, username, age from tb_user where user_id = ?";
Object[] params = new Object[]{"46a8247fbffc46c3a591961351fa3277"};
Map<String, Object> resultMap = jdbcTemplate.queryForMap(sql, params);
查询多条数据,每条数据都以Map形式返回,整个结果是List>
String sql = "select user_id, username, age from tb_user where age = ?";
Object[] params = new Object[]{25};
List<Map<String, Object>> resultMapList = jdbcTemplate.queryForList(sql, params);
查询单条数据并通过RowMapper映射成实体对象
String sql = "select user_id, username, mobile, create_time from tb_user where user_id = ?";
Object[] params = new Object[]{"0ff5771760c1483abaefa7a3e530ea6d"};
User user = jdbcTemplate.queryForObject(sql, params,
new RowMapper<User>() {
@Override
public User mapRow(ResultSet rs, int rowNum) throws SQLException {
// 在这里做字段到实体的映射
User u = new User();
u.setUserId(rs.getString("user_id"));
u.setUsername(rs.getString("username"));
u.setMobile(rs.getString("mobile"));
u.setCreateTime(rs.getTimestamp("create_time"));
return u;
}
});
查询对象集合
String sql = "select user_id, username, mobile, create_time from tb_user where username = ?";
Object[] params = new Object[]{"相同的用户名"};
List<User> users = jdbcTemplate.query(sql, params,
new RowMapper<User>() {
@Override
public User mapRow(ResultSet rs, int rowNum) throws SQLException {
User u = new User();
u.setUserId(rs.getString("user_id"));
u.setUsername(rs.getString("username"));
u.setMobile(rs.getString("mobile"));
u.setCreateTime(rs.getTimestamp("create_time"));
return u;
}
});
项目中使用到了Spring JDBC, 一般jdbcTemplate基本可以满足我们的需求,我们可以通过?占位符来传参,方式sql注入。 例如:
@Override
public boolean queryMultBySpuId(String spuId, String companyId) {
String sql = "SELECT goods_commonid FROM zcy_goods_item WHERE goods_commonid=? AND company_id=? ";
try {
List<String> commonidList=jdbcTemplate.queryForList(sql, new String[]{spuId, companyId},String.class);
if (CollectionUtils.isEmpty(commonidList)) {
return false;
} else {
return true;
}
} catch (DataAccessException e) {
return false;
}
问题
如果我们在sql中使用了in,那么通过?占位符来传参是不能解决问题的,直接拼接sql又会有sql注入的风险。这种情况下我们可以使用NamedParameterJdbcTemplate 来解决问题。 NamedParameterJdbcTemplate支持具名参数 PS:具名参数: SQL 按名称(以冒号开头)而不是按位置进行指定. 具名参数更易于维护, 也提升了可读性. 具名参数由框架类在运行时用占位符取代
解决办法 获得NamedParameterJdbcTemplate实例,在NamedParameterJdbcTemplate 构造器中直接传入JdbcTemplate的实例即可,如下:
NamedParameterJdbcTemplate nameJdbc = new NamedParameterJdbcTemplate(jdbcTemplate);
使用NamedParameterJdbcTemplate实例,我们可以把in中的参数放入map中,值为List<String>paramMap.put("itemIds", Arrays.asList(itemIds.split(",")))
代码如下:
@Override
public List<Item> selectItemByIds(String itemIds) {
NamedParameterJdbcTemplate nameJdbc = new NamedParameterJdbcTemplate(jdbcTemplate);
Map<String,Object> paramMap = new HashMap<String, Object>();
try {
String sql = "SELECT * FROM zcy_goods_item WHERE id IN(:itemIds) ORDER BY id DESC";
paramMap.put("itemIds", Arrays.asList(itemIds.split(",")));
return nameJdbc.query(sql,paramMap, new BeanPropertyRowMapper<Item>(Item.class));
} catch (DataAccessException e) {
return null;
}
}