
Multiselect month from table - sqlite

I get 1-n selected months from a JList. Now I'd like to select rows from a sqlite DB with the selected months.

Is there an easy way to build the select string, e.g. with a loop and a LIKE statement?

resultSet = statement
        .executeQuery("SELECT sum(Betrag) FROM record WHERE strftime('%Y',Datum)='"
            + options.getList_years().get(options.getCurrent_year_index())
            + "' AND strftime('%m',Datum) LIKE '"
            + "02 || 04 || 12"  //Here are the months, 
            + "' AND Sektion LIKE '"
            + "%"
            + "' AND Inhaber LIKE '"
            + list_accounts.getSelectedValue()
            + "' AND Ausgabe='"
            + "true';");

Or does it have to look like this?

strftime('%m',Datum)='02' OR strftime('%m',Datum)='04' OR strftime('%m',Datum)='12'


You should use an IN clause:

... AND strftime('%m',Datum) IN ('02', '04', '12')

But you should definitely not use string concatenation to set parameters dynamically in your query. This is the best way to suffer from SQL injection attacks. Use prepared statements, with a ? placeholder for each of your parameters:

SELECT sum(Betrag) FROM record WHERE strftime('%Y',Datum) = ? ...

Learn more about prepared statements in the JDBC tutorial.

You will indeed have to use some loop or utility to build the IN clause. StringUtils from commons-lang is useful here:

"... AND strftime('%m',Datum) IN (" + StringUtils.repeat("?", ", ", months.size()) + ")"
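The advice in the answer above put together, as an added example that is not part of the original answer: a prepared statement whose IN list gets one ? per selected month, with every value bound rather than concatenated. It assumes the sqlite-jdbc driver is on the classpath and Java 9 or later; the class and method names, the table layout and the sample rows are constructed for illustration, and String.join with Collections.nCopies from the standard library stands in for StringUtils.repeat.

```java
import java.sql.*;
import java.util.Collections;
import java.util.List;

public class MonthSum {
    // Sums Betrag for one year, the selected months and one account holder.
    static double sumForMonths(Connection con, String year, List<String> months,
                               String inhaber) throws SQLException {
        if (months.isEmpty()) {
            return 0.0; // nothing selected in the list: no row can match
        }
        // One "?" per selected month; only placeholders are concatenated, never values.
        String marks = String.join(", ", Collections.nCopies(months.size(), "?"));
        String sql = "SELECT sum(Betrag) FROM record"
                + " WHERE strftime('%Y', Datum) = ?"
                + " AND strftime('%m', Datum) IN (" + marks + ")"
                + " AND Inhaber = ? AND Ausgabe = 'true'";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            int i = 1;
            ps.setString(i++, year);
            for (String month : months) {
                ps.setString(i++, month);
            }
            ps.setString(i, inhaber);
            try (ResultSet rs = ps.executeQuery()) {
                // SUM over zero rows is NULL, which getDouble reports as 0.0.
                return rs.next() ? rs.getDouble(1) : 0.0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data in an in-memory SQLite database.
        try (Connection con = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement st = con.createStatement()) {
            st.executeUpdate("CREATE TABLE record (Betrag REAL, Datum TEXT, Sektion TEXT,"
                    + " Inhaber TEXT, Ausgabe TEXT)");
            st.executeUpdate("INSERT INTO record VALUES"
                    + " (10.0, '2011-02-03', 'Food', 'Anna', 'true'),"
                    + " (20.0, '2011-04-15', 'Rent', 'Anna', 'true'),"
                    + " (40.0, '2011-05-01', 'Food', 'Anna', 'true'),"
                    + " (80.0, '2011-12-24', 'Gift', 'Bert', 'true')");
            List<String> months = List.of("02", "04", "12");
            System.out.println(sumForMonths(con, "2011", months, "Anna"));
            // A value containing quotes is bound as plain data and matches no row.
            System.out.println(sumForMonths(con, "2011", months, "x' OR '1'='1"));
        }
    }
}
```

Because the number of placeholders changes with the selection, the SQL text differs per month count, but the values themselves never enter that text.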
