According to the date showing the number of a day, seven days before
Local query:
SELECT
Count (*) AS num,
To_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm) as create_time
The FROM
The table name
WHERE
Create_time & lt; 23:59:59='2020-11-08' AND create_time & gt;
='2020-10-31 00:00:00'GROUP BY
To_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm)
The ORDER BY
To_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm) DESC
Server:
String SQL="SELECT count (*) AS num, to_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm) AS create_time FROM" + Tables. The table name +
"WHERE create_time & lt;=: todayDate AND create_time & gt;=: seventhDate + "
"GROUP BY to_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm)" +
"The ORDER BY to_char (to_date (create_time, 'yyyy - mm - dd hh24: mi: ss'), '- dd yyyy - mm) DESC";
Query Query=createQuery (SQL);
Query. AddParameter (" seventhDate seventhDate);
Query. AddParameter (" todayDate todayDate);
Description:
Plus is a newline; Two time date is the generated, not front passed,
But the server quote: use precompiled SQL may be injected into risk,
Question:
I this is equivalent to a placeholder, isn't "select * from table name username=" + + ", "=" username + password;
Don't know why will quote SQL injection,
Strives for the bigwigs doubt dispels doubts, thank you very much,
CodePudding user response:
dd ') as create_time FROM + Tables. The table name + "Should be this, the table name is joining together in,
CodePudding user response: