java - problem caused by single quotes in select query -
public void getexp(string bool_expression,int groupid,int explevel){ list<string> list=new arraylist<string>(); list<string> nextexpressionlist = new arraylist<string>(); try{ resultset resultset=null; string sqlstring = null; statement stmt = null; if(explevel==1){ system.out.println("explevel---"+explevel+"group id --"+groupid); sqlstring ="select bool_expression lnp_eng_expressions fk_group="+groupid+" , expression_level="+explevel+""; stmt =connection.createstatement(); resultset= stmt.executequery(sqlstring); while(resultset.next()){ nextexpressionlist.add(resultset.getstring(1)); system.out.println("expression -- "+ resultset.getstring(1)); } } if(explevel > 1 ){ system.out.println("bool_ expression --"+bool_expression); string sql = "select distinct variable_name lnp_eng_variables id in "+ "(select fk_variable_id lnp_eng_questions question_code in "+ "( select question_code lnp_app_questions id in "+ "(select fk_question_id lnp_eng_asc_question_exp fk_exp_id in"+ "(select id lnp_eng_expressions bool_expression = '"+bool_expression+"'"+"and fk_group="+groupid+" , expression_level="+(explevel-1)+"))))"; system.out.println("1"); stmt =connection.createstatement(); resultset=stmt.executequery(sql); while(resultset.next()){ list.add(resultset.getstring(1)); system.out.println("list --"+resultset.getstring(1)); } for(int i=0;1<list.size();i++){ sqlstring = "select distinct bool_expression lnp_eng_expressions "+ "bool_expression '%"+list.get(i)+"%' , expression_level="+explevel+" , fk_group="+groupid+""; resultset = stmt.executequery(sqlstring); while(resultset.next()){ nextexpressionlist.add(resultset.getstring(1)); system.out.println("expression -- "+ nextexpressionlist.get(i)); } } } } catch (exception e) { // todo: handle exception } } public static void main(string args[]){ expressionbuilder builder=new expressionbuilder(); builder.getexp("industry='no'", 1, 2); } getting error in pass bool_expression industry='no' sql query. error because of single quotes '' . not able resolve it.
it's easy - use preparedstatement , let escape strings you.
while doesn't explain problem, don't code much. it's getting big. i'd refactor creating separate dao interface 3 methods, 1 each of queries you're executing. i'd make query strings static final constants in dao implementation class. i'd test separately. when working i'd give object that's checking experience level reference dao , have call methods rather embedding database logic in 1 class.
it's called "decomposition". it'll manage problem gets larger.
something this:
package persistance; public interface foodao { list<foo> find(string name); } public class foodaoimpl implements foodao { public static final string find_by_name_sql = "select * foo name = ?"; private datasource datasource; public foo(datasource datasource) { this.datasource = datasource; } public list<foo> find(string name) { list<foo> result = new arraylist<foo>(); preparedstatement ps = null; resultset rs = null; try { ps = this.datasource.getconnection().preparestatement(find_by_name_sql); ps.setstring(1, name); rs = ps.executequery(); while (rs.hasnext()) { // map row foo , add list result.add(foo); } } catch (sqlexception e) { throw new runtimeexception(e); } { close(rs); close(ps); } } }
Comments
Post a Comment