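If the query only filters on a specific value, it is simple: just append the condition after where, like this: where type = '门诊' (outpatient). When the user picks "全选" (select all) or "全部" (all), the corresponding condition obviously has to be removed. If you use MyBatis, that is also simple: add some conditional checks to the XML mapper file, like this:

<select id="user" parameterType="user" resultType="User">
    select * from user
    <where>
        <if test="id!=null and id!=''">
            id=#{id}
        </if>
        <if test="type!=null and type!=''">
            and type=#{type}
        </if>
        <if test="gender!=null and gender!=''">
            and gender=#{gender}
        </if>
    </where>
</select>

<select id="executeSQL" parameterType="java.lang.String" resultType="Map">
    <![CDATA[ ${SQL} ]]>
</select>

<![CDATA[ ]]> wraps my SQL statement, so the SQL statement is not escaped. This uses ${SQL} rather than #{SQL}: # treats whatever is passed in as a single string value, as if it were automatically wrapped in quotes (MyBatis binds it as a prepared-statement parameter), while $ writes the passed-in data directly into the generated SQL. Obviously my SQL statement must not be quoted. (For now I am also not considering the SQL injection problem that using $ causes; I will add SQL checking later.)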
"sql":"SELECT nvl(sum(a.ssrc),0) as count FROM CB_ME_YLZL a,CB_DI_DATE b,CB_DI_YLJG c,CB_DI_JZLX d WHERE a.sjid=b.sjid and a.yljgid=c.yljgid and a.jzlxid=d.jzlxid and c.yljgdj='3' and c.yljgmc = #{select1_val_select} AND type = #{radio1_val_radio}"
and c.yljgmc = #{select1_val_select} AND type = #{radio1_val_radio}
#{select1_val_select} and #{radio1_val_radio}
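// StringUtils is assumed to be Apache Commons Lang (org.apache.commons.lang3.StringUtils).

/**
 * Process the SQL statement
 * @param sql SQL template containing #{name} placeholders
 * @param str comma-separated name:value pairs
 * @return the SQL with every placeholder replaced or its condition removed
 */
public static String dealSQL(String sql, String str) {
    // Normalise: trim, upper-case, collapse runs of spaces
    sql = sql.trim().toUpperCase().replaceAll(" +", " ");
    // Prefix every alias in the select list with C_
    int form = sql.indexOf(" FROM ");
    String begin = sql.substring(0, form);
    begin = begin.replaceAll(" AS ", " AS C_");
    String end = sql.substring(form, sql.length());
    sql = begin+end;
    // Quotes are stripped from the incoming values before they are split
    String[] split1 = str.trim().toUpperCase().replaceAll("'", "").replaceAll("\"", "").split(",");
    for (String s : split1) {
        if(StringUtils.isNotBlank(s)) {
            String[] split2 = s.split(":");
            // Skip malformed pairs that have no value part
            if(split2.length >= 2 && sql.contains(split2[0])) {
                if(split2[0].contains("VAL_RADIO") || split2[0].contains("VAL_SELECT")) {
                    if(split2[1].equals("全选") || split2[1].equals("全部")) {
                        // "Select all" / "all": drop the whole condition
                        sql = removeSQL(sql,"#{"+split2[0]+"}");
                    }else {
                        // The value is spliced in as a quoted literal, not bound as a parameter
                        sql = sql.replace("#{"+split2[0]+"}", "'" + split2[1] + "'");
                    }
                }else {
                    sql = sql.replace("#{"+split2[0]+"}", "'" + split2[1] + "'");
                }
            }
        }
    }
    return sql;
}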
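The JSON config file requires every field that is to be displayed to use as ** as its alias. However, if the alias is a number or a special character, Oracle does not accept it, and if the alias is wrapped in double quotes, Oracle accepts it but the JSON file no longer does. So I used the crudest approach: prefix every alias with C_, which the database accepts.
Here is the removeSQL method: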
/**
 * Remove a query condition from the SQL statement
 * @param sql the SQL statement
 * @param choice the placeholder whose condition should be removed, e.g. #{NAME}
 * @return the SQL without any condition that uses the placeholder
 */
public static String removeSQL(String sql,String choice) {
    int cho_first = sql.indexOf(choice);
    int before_and = sql.lastIndexOf(" AND ", cho_first);
    int before_where = sql.lastIndexOf(" WHERE ", cho_first);
    int after_and = sql.indexOf(" AND ", cho_first);
    int after_where = sql.indexOf(" WHERE ",cho_first);
    if(before_where != -1) {
        if(before_and != -1) {
            if(before_and > before_where) {
                // Condition follows an AND: remove " AND ... <placeholder>"
                sql = sql.replace(sql.substring(before_and, cho_first), " ").replace(choice, " ");
            }else {
                if(after_and != -1) {
                    if(after_where != -1) {
                        if(after_and < after_where) {
                            // First condition after WHERE, more follow: keep WHERE, drop up to the next AND
                            sql = sql.replace(sql.substring(before_where+7, after_and+5), " ");
                        }else {
                            // Only condition of this WHERE: drop the WHERE as well
                            sql = sql.replace(sql.substring(before_where, cho_first), " ").replace(choice, " ");
                        }
                    }else {
                        sql = sql.replace(sql.substring(before_where+7, after_and+5), " ");
                    }
                }else {
                    sql = sql.replace(sql.substring(before_where, cho_first), " ").replace(choice, " ");
                }
            }
        }else {
            if(after_and != -1) {
                if(after_where != -1) {
                    if(after_and < after_where) {
                        sql = sql.replace(sql.substring(before_where+7, after_and+5), " ");
                    }else {
                        sql = sql.replace(sql.substring(before_where, cho_first), " ").replace(choice, " ");
                    }
                }else {
                    sql = sql.replace(sql.substring(before_where+7, after_and+5), " ");
                }
            }else {
                sql = sql.replace(sql.substring(before_where, cho_first), " ").replace(choice, " ");
            }
        }
    }else {
        // No WHERE before the placeholder: nothing can be removed, so return
        // instead of recursing forever on an unchanged statement
        return sql;
    }
    // Repeat while the placeholder still occurs elsewhere in the statement
    int cho = sql.indexOf(choice);
    if(cho != -1) {
        return removeSQL(sql,choice);
    }else {
        return sql;
    }
}
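The logic is simply that a condition is handled differently depending on where it sits. Below are the places where a condition may appear; the code above targets each of these places and removes the condition together with the and or where in front of it (without affecting a where that later and conditions still need, such as the condition at the first position of the second statement in the figure below). (Complex SQL, for example a statement that uses with as to build a temporary table and then queries it with select, cannot be handled by this code.)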
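The post leaves SQL injection through ${SQL} and the quoted-literal splicing in dealSQL for later. As an added example (not the author's code), the class below turns the same #{name} template into "?" markers plus a list of values to bind, so user input never becomes SQL text. BoundQuery and build are hypothetical names, the template is a shortened form of the configured SQL shown above, execution through a plain JDBC PreparedStatement is an assumption, and only the " AND col = #{name}" shape is dropped for "全选"/"全部".

```java
import java.util.*;
import java.util.regex.*;

// Added example, not from the original post: bind values instead of splicing them.
public class BoundQuery {
    private static final Pattern PLACEHOLDER = Pattern.compile("#\\{(\\w+)\\}");
    private static final Set<String> ALL = Set.of("全选", "全部"); // "select all" values from the post
    final String sql;           // contains only "?" markers, never user data
    final List<String> params;  // values to bind, in marker order

    private BoundQuery(String sql, List<String> params) { this.sql = sql; this.params = params; }

    static BoundQuery build(String template, Map<String, String> values) {
        // 1. Drop " AND col = #{name}" for every "select all" choice (only this shape is handled).
        for (Map.Entry<String, String> e : values.entrySet()) {
            if (ALL.contains(e.getValue())) {
                template = template.replaceAll(
                    "(?i)\\s+AND\\s+[\\w.]+\\s*=\\s*#\\{" + Pattern.quote(e.getKey()) + "\\}", "");
            }
        }
        // 2. Replace each remaining placeholder with "?" and record its value for binding.
        List<String> params = new ArrayList<>();
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String v = values.get(m.group(1));
            if (v == null || ALL.contains(v))   // missing value, or "all" in an unsupported position
                throw new IllegalArgumentException("cannot bind " + m.group(1));
            params.add(v);
            m.appendReplacement(out, "?");
        }
        m.appendTail(out);
        return new BoundQuery(out.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed sample input: shortened template plus one hostile value.
        String template = "SELECT nvl(sum(a.ssrc),0) AS count FROM CB_ME_YLZL a, CB_DI_YLJG c "
            + "WHERE a.yljgid = c.yljgid AND c.yljgmc = #{select1_val_select} "
            + "AND type = #{radio1_val_radio}";
        Map<String, String> values = new LinkedHashMap<>();
        values.put("select1_val_select", "x' OR '1'='1"); // stays data once bound
        values.put("radio1_val_radio", "全部");             // "all": the clause is dropped
        BoundQuery q = build(template, values);
        System.out.println(q.sql);
        System.out.println(q.params);
        // JDBC use: ps = conn.prepareStatement(q.sql); ps.setString(i + 1, q.params.get(i));
    }
}
```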