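    // con is an open java.sql.Connection
    String expr = "select * from table where url like ?";
    PreparedStatement pstmt = con.prepareStatement(expr);
    String a = "a";
    // The % wildcards go into the bound value, not into the SQL text
    pstmt.setString(1, "%" + a + "%");
    pstmt.execute();

Written this way, PreparedStatement will by default generate the SQL statement:

    select * from table where url like '%http%'

Do not write it like this:

    String expr = "select * from table where url like %?%";

And do not write it like this either:

    pstmt = con.prepareStatement(expr);
    String a = "%a%";
    pstmt.setString(1, a);
    pstmt.execute();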
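Binding the value keeps it out of the SQL text, but any `%` or `_` inside the bound string still acts as a LIKE wildcard, so a search term of `%` matches every row. The following is an added example, not code from the original page, that escapes those characters and declares the escape character with an ESCAPE clause; the class name `LikeSearch`, the helper names, the table name `pages` and the choice of `!` as escape character are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeSearch {
    // Escape character; must match the ESCAPE clause in the query below.
    private static final char ESC = '!';

    /** Make LIKE metacharacters in caller-supplied text match literally. */
    static String escapeLike(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 8);
        for (char c : input.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') {
                sb.append(ESC);
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** "Contains" search: the code adds the wildcards, never the caller. */
    static List<String> findUrlsContaining(Connection con, String term) throws SQLException {
        // "pages" is a hypothetical table name (assumption, not from the page).
        String sql = "select url from pages where url like ? escape '!'";
        List<String> urls = new ArrayList<>();
        try (PreparedStatement pstmt = con.prepareStatement(sql)) {
            pstmt.setString(1, "%" + escapeLike(term) + "%");
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    urls.add(rs.getString(1));
                }
            }
        }
        return urls;
    }

    public static void main(String[] args) {
        // Constructed inputs: shows the pattern that would be bound to the placeholder.
        for (String term : new String[] {"http", "%", "a_b", "100%!"}) {
            System.out.println(term + " -> %" + escapeLike(term) + "%");
        }
    }
}
```

SQL Server additionally treats `[` as a LIKE metacharacter, so add it to the escaped set when targeting that database.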