有没有更好的方法来写这个?检查场景
所以我有这个代码检查4个参数(作者,标题,关键字和主题)为我正在进行的项目做一些动态sql查询生成,我只是想知道是否有人知道更好的方法写出来。我感觉这是一种非常低效的方式,但这样做很晚,而且我很累。请让我知道,如果你知道有更好的方法来做到这一点,那么这里只是一堆if/else case检查语句。有没有更好的方法来写这个?检查场景
谢谢!
if(_author!=null)
{
query += authorQ;
if(_title != null)
{
if(conjunct[0] == 0)
{
query += " AND ";
query += titleQ;
}
else
{
query += " OR ";
query += titleQ;
}
if(_keyword != null)
{
if(conjunct[1] == 0)
{
query += " AND ";
query += keywordQ;
}
else
{
query += " OR ";
query += keywordQ;
}
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
else
{
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
}//title = null
else
{
if(_keyword != null)
{
if(conjunct[1] == 0)
{
query += " AND ";
query += keywordQ;
}
else
{
query += " OR ";
query += keywordQ;
}
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
else //keyword null
{
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
//if subject's null at this point we don't care
}
}
}
else //author null
{
if(_title != null)
{
if(conjunct[0] == 0)
{
query += " AND ";
query += titleQ;
}
else
{
query += " OR ";
query += titleQ;
}
if(_keyword != null)
{
if(conjunct[1] == 0)
{
query += " AND ";
query += keywordQ;
}
else
{
query += " OR ";
query += keywordQ;
}
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
else
{
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
}//title = null
else
{
if(_keyword != null)
{
if(conjunct[1] == 0)
{
query += " AND ";
query += keywordQ;
}
else
{
query += " OR ";
query += keywordQ;
}
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
}
else //keyword null
{
if(_subject != null)
{
if(conjunct[2] == 0)
{
query += " AND ";
query += subjectQ;
}
else
{
query += " OR ";
query += subjectQ;
}
}
//if subject's null at this point we don't care
}
}
}
怎么样更加结构化和可扩展的方法,请参见下面的例子。顺便说一句,您不应该真正将用户输入直接放入SQL查询中 - 而是使用准备好的语句来设法防止注入攻击。
// test values
String _author = "authorfoo";
String _title = "titlebar";
String _keyword = null;
String _subject = "subjectfoo";
String authorQ = "author=" + _author;
String subjectQ = "subject=" + _subject;
String titleQ = "title="+ _title;
String keywordQ = "keyword=" + _keyword;
int conjunct[] = new int[]{ 0, 1, 1, 0};
// query building code
String []inputs = {_author, _title, _keyword, _subject};
String []queries = {authorQ, titleQ, keywordQ, subjectQ};
StringBuilder builder = new StringBuilder();
for (int i = 0 ; i < inputs.length; i++) {
if (inputs[i] != null) {
if (builder.length() > 0) { // don't start query with connective
if (conjunct[i] == 0) {
builder.append(" AND ");
} else {
builder.append(" OR ");
}
}
builder.append(queries[i]);
}
}
String query = builder.toString();
System.out.println(query);
哇,好多了。我绝对不应该在午夜过后写代码。同样,对于sql注入项目,我们不需要担心这个类,因此直接用户输入。感谢或你的帮助,你摇滚! – noname 2012-03-18 00:43:17
a = _author ? authorQ : 1;
t = _title ? titleQ : 1;
k = _keyword ? keywordQ : 1;
s = _subject ? subjectQ : 1;
c1 = conjunct[0] ? " OR " : " AND ";
c2 = conjunct[1] ? " OR " : " AND ";
c3 = conjunct[2] ? " OR " : " AND ";
query += a + c1 + t + c2 + k + c3 + s;
因此,对于_author == null和conunction [0]!= 0查询变为... 1或....那个sql查询计算的是什么? – DaveFar 2012-03-17 11:43:34
您可以查询+ = variableName;在if语句中,你可以使用三元运算符:例如: - query + =(conjunct [0] == 0?“AND”:“OR”); query + = titleQ; – 2012-03-17 07:34:33
我知道一个非常棒的方式,'但它晚了,我很累';) – DaveFar 2012-03-17 11:44:57
此外,很多代码是“死”,即无法访问,只需将其放入最新版本的eclipse中,并启用所有警告。 。 – Adam 2012-03-17 11:53:00