其中的一个方法,看看有什么问题,指点一下,谢谢程序能不能这么写 会不会有问题
[code]
public Integer doInsert(final ManageObject obj){
con = ConDWDVLP.getDWDVLP();
logger.debug("Create InsertConnection:"+con);
boolean flag = false;
String sql = "select distinct * from DIM_MG_OBJECT where Detail_Code = '"+obj.getDETAIL_CODE()+"'";
try {
PreparedStatement stmt = con.prepareStatement(sql,ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_UPDATABLE);
rs = stmt.executeQuery();
logger.debug("SQL:"+sql);
flag = rs.last();
logger.debug("flag is "+flag);
} catch (SQLException e) {
try {
if(con!=null)con.close();
} catch (SQLException e1) {
e1.printStackTrace();
}
logger.debug("Insert data is error! ",e);
}
if(!flag){
return (Integer)JDBCTransactionTemplate.doTransaction(new Transaction(){
public Object execuse(Connection Iner_con) throws SQLException {
logger.debug("Get Iner_con:"+Iner_con);
int bol = 0;
String sql1 = "insert into "
+ "DIM_MG_OBJECT(FMLY_CODE,FMLY_NAME,MID_CODE,MID_NAME,DETAIL_CODE,DETAIL_NAME,LEGACY_ITEM,SHOP_SIGN,PRODUCT_CODE,PRODUCT_NAME,PRODUCT_CAT,CREATE_MAN,MODIFY_MAN,REMARK,ALIVE_FLAG,CREATE_DATE,MODIFY_DATE,META_STR_ID,META_STRUCTURE) "
+ "values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,sysdate,sysdate,?,?)";
PreparedStatement stmt = Iner_con.prepareStatement(sql1);
stmt.setString(1, obj.getFMLY_CODE());
stmt.setString(2, obj.getFMLY_NAME());
stmt.setString(3, obj.getMID_CODE());
stmt.setString(4, obj.getMID_NAME());
stmt.setString(5, obj.getDETAIL_CODE());
stmt.setString(6, obj.getDETAIL_NAME());
stmt.setString(7, obj.getLEGACY_ITEM());
stmt.setString(8, obj.getSHOP_SIGN());
stmt.setString(9, obj.getPRODUCT_CODE());
stmt.setString(10, obj.getPRODUCT_NAME());
stmt.setString(11, obj.getPRODUCT_CAT());
stmt.setString(12, obj.getCREATE_MAN());
stmt.setString(13, obj.getMODIFY_MAN());
stmt.setString(14, obj.getREMARK());
stmt.setString(15, "Y");
stmt.setString(16, obj.getMETA_STR_ID());
stmt.setString(17, obj.getMETA_STRUCTURE());
bol = stmt.executeUpdate();
logger.info("ManageDAO--insert DIM_MG_OBJECT Table:"+bol+"row");
if(obj.getFMLY_CODE().equals("SRM")){
String sql2 ="insert into dim_coef_price(FMLY_CODE,FMLY_NAME,MID_CODE,MID_NAME,DETAIL_CODE,DETAIL_NAME,META_STR_ID,META_STRUCTURE,ALIVE_FLAG,CREATE_MAN,CREATE_DATE,MODIFY_MAN,MODIFY_DATE)"
+ " values(?,?,?,?,?,?,?,?,?,?,sysdate,?,sysdate)";
stmt = Iner_con.prepareStatement(sql2);
stmt.setString(1,obj.getFMLY_CODE());
stmt.setString(2, obj.getFMLY_NAME());
stmt.setString(3, obj.getMID_CODE());
stmt.setString(4, obj.getMID_NAME());
stmt.setString(5, obj.getDETAIL_CODE());
stmt.setString(6, obj.getDETAIL_NAME());
stmt.setString(7, obj.getMETA_STR_ID());
stmt.setString(8, obj.getMETA_STRUCTURE());
stmt.setString(9, "Y");
stmt.setString(10, obj.getCREATE_MAN());
stmt.setString(11, obj.getMODIFY_MAN());
bol = stmt.executeUpdate();
logger.info("ManageDAO--insert dim_coef_price table:"+bol+"row");
if(!(bol>0)){
throw new SQLException();
}
else{
String sql3 ="insert into DIM_CONVERT_FORMULA(FMLY_CODE,FMLY_NAME,MID_CODE,MID_NAME,DETAIL_CODE,DETAIL_NAME,META_STR_ID,META_STRUCTURE," +
"ALIVE_FLAG,CREATE_MAN,CREATE_DATE,MODIFY_MAN,MODIFY_DATE) " +
"values(?,?,?,?,?,?,?,?,?,?,sysdate,?,sysdate)";
stmt = Iner_con.prepareStatement(sql3);
stmt.setString(1, obj.getFMLY_CODE());
stmt.setString(2, obj.getFMLY_NAME());
stmt.setString(3, obj.getMID_CODE());
stmt.setString(4, obj.getMID_NAME());
stmt.setString(5, obj.getDETAIL_CODE());
stmt.setString(6, obj.getDETAIL_NAME());
stmt.setString(7, obj.getMETA_STR_ID());
stmt.setString(8, obj.getMETA_STRUCTURE());
stmt.setString(9, "Y");
stmt.setString(10, obj.getCREATE_MAN());
stmt.setString(11, obj.getMODIFY_MAN());
bol = stmt.executeUpdate();
logger.info("ManageDAO--insert DIM_CONVERT_FORMULA table:"+bol+"row");
if(!(bol>0)){
throw new SQLException();
}
}
}
if(stmt!=null)stmt.close();
return new Integer(bol);
}
});
}else {
try {
if(con!=null)con.close();
logger.debug("Close Connection:"+con+"is Succeed!");
} catch (SQLException e) {
logger.debug("Close Connection:"+con+"is Defeat!",e);
}
return new Integer(2);
}
}
[/code]
你好,代码可能有如下问题:
1.你的方法实在太长了,可读性十分的差.
2.查询数据库是每次连接和statment需要关闭.
3.增加适当的注释,便于别人理解,如果出现问题,自己调试也比较方便.
4.网上有spring的jdbcTemplete,或者使用ibatis等成熟的框架.这样你的代码才有保证.有那么多现成的,我们为什么不用呢.
问起来有点 bad smell..
看起来不舒服..复制粘贴的代码太多.
1.没有注释不是一个好习惯
2.你给SQL语句绑定参数时,用的是按参数位置绑定的如果换成按参数名绑定形式,可提高代码的维护性能
3.String sql = "select distinct * from DIM_MG_OBJECT where Detail_Code = '"+obj.getDETAIL_CODE()+"'";
这个查询有安全问题
rs也close来吧,如果重用rs或者PreparedStatement ,之前也要先close