What does this code mean? I find it confusing to read.
new CommDAO().delete(request, "jiaoxuezichan");
String url = "jiaoxuezichan_list.jsp?1=1";
// Base query; "where 1=1" lets every filter below be appended as " and ..."
String sql = "select * from jiaoxuezichan where 1=1";
// Each non-empty request parameter is concatenated into the SQL text as a LIKE filter.
// (Strings are tested with isEmpty(); == "" compares references and never matches.)
if (request.getParameter("zichanbianhao") != null && !request.getParameter("zichanbianhao").isEmpty()) {
    sql = sql + " and zichanbianhao like '%" + request.getParameter("zichanbianhao") + "%'";
}
if (request.getParameter("zichanmingcheng") != null && !request.getParameter("zichanmingcheng").isEmpty()) {
    sql = sql + " and zichanmingcheng like '%" + request.getParameter("zichanmingcheng") + "%'";
}
if (request.getParameter("zichanleibie") != null && !request.getParameter("zichanleibie").isEmpty()) {
    sql = sql + " and zichanleibie like '%" + request.getParameter("zichanleibie") + "%'";
}
if (request.getParameter("zhuangtai") != null && !request.getParameter("zhuangtai").isEmpty()) {
    sql = sql + " and zhuangtai like '%" + request.getParameter("zhuangtai") + "%'";
}
if (request.getParameter("shiyongjiaoshi") != null && !request.getParameter("shiyongjiaoshi").isEmpty()) {
    sql = sql + " and shiyongjiaoshi like '%" + request.getParameter("shiyongjiaoshi") + "%'";
}
sql += " order by id desc";
// Hand the finished SQL string to the project's PageManager helper
ArrayList<HashMap> list = PageManager.getPages(url, 15, sql, request);
int i = 0;
for (HashMap map : list) {
    i++;
All of this code is SQL queries that operate on the database.
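This dynamically concatenates database commands in JS. I recommend not doing it this way: first, it easily exposes the database structure; second, it is very vulnerable to injection attacks.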