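Today, while writing a fuzzy (LIKE) query in SQL, I ran into the question of how to prevent SQL injection through LIKE. After looking it up, the specific ways to prevent it are as follows: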
MySQL database
sql = " and indexNum like concat('%',?,'%') "
Oracle
sql = " like '%' || ? || '%' "
SQL Server
sql = " like '%' + ? + '%' "
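The following is an added example, not code from the original post. It runs the Oracle-style `'%' || ? || '%'` form against an in-memory SQLite database (used here as a stand-in because it accepts the same `||` concatenation) and goes one step beyond the post by showing that a bound value can still carry `%` and `_` wildcards unless they are escaped. The table name `items`, the sample rows and the helper `escape_like` are assumptions made for the illustration.

```python
import sqlite3

def build_db():
    # Constructed sample data; only the column name indexNum is from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (indexNum TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)",
                     [("A100",), ("B200",), ("50%_off",), ("C300",)])
    return conn

def escape_like(term, esc="\\"):
    # Hypothetical helper: neutralise LIKE wildcards (and the escape char itself).
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_bound(conn, term):
    # Page's pattern: wildcards are SQL literals, the user value is a bound parameter.
    sql = ("SELECT indexNum FROM items "
           "WHERE indexNum LIKE '%' || ? || '%' ORDER BY indexNum")
    return [row[0] for row in conn.execute(sql, (term,))]

def search_literal(conn, term):
    # Same binding, plus ESCAPE so % and _ in the value match literally.
    sql = ("SELECT indexNum FROM items "
           "WHERE indexNum LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY indexNum")
    return [row[0] for row in conn.execute(sql, (escape_like(term),))]

if __name__ == "__main__":
    db = build_db()
    # Constructed inputs: a normal term, a value with quotes, and two bare wildcards.
    for value in ["100", "x' OR '1'='1", "%", "_"]:
        print(repr(value), search_bound(db, value), search_literal(db, value))
```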