数据库查询问题,请大家帮忙看看

qq_35746856 2018-03-20 12:20:53
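/**
 * Loads salary records joined with the employee name.
 *
 * <p>The method first counts the {@code salaryinfo} rows for the requested year and
 * month, then reads every row of the {@code salaryinfo}/{@code imployeeinfo} join and
 * wraps each one in a {@code SalaryRecord}. The second query is not restricted to the
 * requested month.
 *
 * <p>{@code jiaBanFei}, {@code qingJiaFei} and {@code queQinFei} are not read by this
 * body. They are kept because callers pass them.
 *
 * @param jiaBanFei  not used in this body
 * @param qingJiaFei not used in this body
 * @param queQinFei  not used in this body
 * @param year       year as decimal text; parsed with {@link Integer#parseInt(String)}
 * @param month      month as decimal text; parsed with {@link Integer#parseInt(String)}
 * @return the records read; if a query fails part-way, the rows read so far
 * @throws NumberFormatException if {@code year} or {@code month} is not an integer
 *         (the parse happens before the try block, so it is not swallowed)
 */
public static List getSalaryList(double jiaBanFei, double qingJiaFei,
        double queQinFei, String year, String month) {
    List list = new ArrayList();
    Connection conn = null;
    // Fully qualified so the block does not depend on an import that may be missing.
    java.sql.PreparedStatement countStmt = null;
    Statement stmt = null;
    ResultSet rs = null;
    // Parsing to int rejects any input that is not a plain number before it gets
    // anywhere near a SQL string.
    int year1 = Integer.parseInt(year);
    int month1 = Integer.parseInt(month);
    boolean has = false;
    try {
        conn = DB.getConnection();

        // Check whether this month's salary table has already been generated.
        // Values are bound as parameters instead of being concatenated into the SQL text.
        // They are bound as strings to match the quoted literals the query used before;
        // NOTE(review): switch to setInt if syear/smonth are numeric columns - confirm
        // against the schema.
        countStmt = conn.prepareStatement(
                "select count(*) from salaryinfo where syear=? and smonth=?");
        countStmt.setString(1, String.valueOf(year1));
        countStmt.setString(2, String.valueOf(month1));
        rs = countStmt.executeQuery();
        if (rs.next()) {
            has = rs.getInt(1) > 0;
        }
        rs.close();

        if (!has) {
            // Generate the salary table (not implemented in this listing).
        }

        // NOTE(review): this query still returns every year and month. To restrict it
        // to the requested month, add "and salaryinfo.syear=? and salaryinfo.smonth=?"
        // and bind year1/month1 through a PreparedStatement as in the count query above.
        String sql = "select salaryinfo.impId,imployeeinfo.impName,salaryinfo.syear,"
                + "salaryinfo.smonth,salaryinfo.sBase,salaryinfo.sExtra,"
                + "salaryinfo.sHoliday,salaryinfo.sAbsence,salaryinfo.sTotal,"
                + "salaryinfo.sState from salaryinfo,imployeeinfo "
                + "where salaryinfo.impId=imployeeinfo.impId";
        stmt = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,
                ResultSet.CONCUR_READ_ONLY);
        rs = stmt.executeQuery(sql);

        while (rs.next()) {
            String impId1 = rs.getString("impId");
            // The redundant new String(...) copy is dropped; a NULL name is now passed
            // through instead of aborting the loop with a NullPointerException.
            String impName = rs.getString("impName");
            String opyear = rs.getString("syear");
            String opmonth = rs.getString("smonth");
            double sBase = rs.getDouble("sBase");
            double sExtra = rs.getDouble("sExtra");
            double sHoliday = rs.getDouble("sHoliday");
            double sAbsence = rs.getDouble("sAbsence");
            double sTotal = rs.getDouble("sTotal");
            int sState = rs.getInt("sState");
            SalaryRecord sr = new SalaryRecord(impId1, impName, opyear,
                    opmonth, sBase, sExtra, sHoliday, sAbsence, sTotal, sState);
            list.add(sr);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Close in reverse order of acquisition, each in its own try, so that one
        // failing close() cannot leave the remaining resources open.
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (stmt != null) {
            try {
                stmt.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (countStmt != null) {
            try {
                countStmt.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
    return list;
}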

红字这我想再写where语句选取符合用户输入的year1和month1的数据,但总是要么显示没数据要么出错,请大家帮我看一下
孟子E章 2018-03-20
另外,为了防止 SQL 注入,请采用参数化的 SQL 语句写法,例如在 JDBC 中用 PreparedStatement 和 ? 占位符绑定参数,而不是拼接字符串。
孟子E章 2018-03-20
// Quoted form from the question: year1 and month1 are compared as string literals.
String sql = "select count(*) from salaryinfo where syear='" + year1
+ "' and smonth='" + month1 + "'";// check whether this month's salary table has already been generated

syear smonth字段类型是字符型还是数字的?数字类型的不要引号
// Unquoted form, for the case where syear/smonth are numeric columns.
// year1 and month1 are the int values parsed in the question's code, so this
// concatenation cannot carry SQL text; if the values are ever passed in as strings,
// bind them as parameters instead of concatenating.
String sql = "select count(*) from salaryinfo where syear=" + year1
+ " and smonth=" + month1
