[ECSide] 怎么用 PreparedStatement 的方式来拼装 sql 语句

qintao1203 2007-10-12
怎么用 PreparedStatement 的方式来拼装 sql 语句？怎么给 ? 占位符赋值？
我用的是Hibernate!

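   /**
    * Appends the limit's filter and sort clauses to an HQL query.
    *
    * <p>Each filter contributes a {@code <property> like ?} condition. The
    * filter values are never placed in the query text; they are expected to be
    * bound positionally by the caller. Property names and the sort direction
    * cannot be bound as parameters, so they are validated before being
    * concatenated into the query.
    *
    * <p>NOTE(review): the Limit is presumably populated from request
    * parameters (table filter/sort input) - confirm. If so, unvalidated
    * property names would be an HQL injection point even though the values
    * use placeholders.
    *
    * @param hql   base HQL query, with or without a {@code where} clause
    * @param limit source of the filter set and sort settings
    * @return the query with the filter conditions and {@code order by} appended
    * @throws IllegalArgumentException if a filter or sort property is not a
    *         plain dotted property path, or the sort order is not asc/desc
    */
   static public String assembleSimpleHql(String hql,Limit limit){
       FilterSet filterSet = limit.getFilterSet();
       if (filterSet != null && filterSet.isFiltered()) {
           if (hql.indexOf("where") < 1) {
               hql = hql + " where ";
           }
           int whereIndex = hql.indexOf("where");
           // Heuristic kept from the original: more than 9 characters from
           // "where" onwards is taken to mean a condition already exists.
           boolean hasExistingCondition = hql.substring(whereIndex).length() > 9;

           StringBuilder query = new StringBuilder(hql);
           int index = 0;
           for (Filter filter : filterSet.getFilters()) {
               // Identifiers cannot be bound with '?', so allow-list them.
               String property = requireSafeHqlPath(filter.getProperty(), "filter property");
               if (hasExistingCondition) {
                   query.append(" and ").append(property).append(" like ? ");
               } else if (index == 0) {
                   query.append(property).append(" like ?  ");
               } else {
                   query.append(" and ").append(property).append(" like ?  ");
               }
               index++;
           }
           hql = query.toString();
       }

       Sort sort = limit.getSort();
       if (sort != null && sort.isSorted()) {
           String sortProperty = requireSafeHqlPath(sort.getProperty(), "sort property");
           String direction = String.valueOf(sort.getSortOrder());
           // NOTE(review): assumes a sorted Sort only reports asc/desc - confirm.
           if (!"asc".equalsIgnoreCase(direction) && !"desc".equalsIgnoreCase(direction)) {
               throw new IllegalArgumentException("Unsupported sort order");
           }
           hql = hql + " order by " + sortProperty + " " + direction;
       }
       return hql;
   }

   /**
    * Accepts only a dotted property path made of letters, digits and
    * underscores, so the result is safe to concatenate into HQL.
    *
    * @param candidate property name taken from a filter or sort
    * @param role      short description used in the error message
    * @return the validated property path
    * @throws IllegalArgumentException if the path is null, empty or contains
    *         any other character
    */
   private static String requireSafeHqlPath(Object candidate, String role) {
       if (candidate == null) {
           throw new IllegalArgumentException("Missing " + role);
       }
       String path = String.valueOf(candidate);
       boolean wellFormed = path.length() > 0
               && !path.startsWith(".")
               && !path.endsWith(".")
               && path.indexOf("..") < 0;
       for (int pos = 0; wellFormed && pos < path.length(); pos++) {
           char ch = path.charAt(pos);
           wellFormed = Character.isLetterOrDigit(ch) || ch == '_' || ch == '.';
       }
       if (!wellFormed) {
           // The rejected value is left out of the message on purpose: it is
           // caller-supplied text and may end up in logs.
           throw new IllegalArgumentException("Invalid " + role);
       }
       return path;
   }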
  
   /**
    * Returns the values of the limit's filter conditions, one per filter and
    * in filter order, each wrapped as {@code %value%} for use with
    * {@code like ?}.
    *
    * <p>The filter value is wrapped as-is: any {@code %} or {@code _} it
    * already contains is not escaped here.
    *
    * @param limit source of the filter set
    * @return the wrapped filter values, or {@code null} when the limit has no
    *         filter set or is not filtered
    */
   static public Object[] getLimitValues(Limit limit){
       FilterSet activeFilters = limit.getFilterSet();
       if (activeFilters == null || !activeFilters.isFiltered()) {
           // Callers receive null, not an empty array, when nothing is filtered.
           return null;
       }
       Filter[] entries = activeFilters.getFilters();
       Object[] bound = new Object[entries.length];
       for (int pos = 0; pos < entries.length; pos++) {
           bound[pos] = "%" + entries[pos].getValue() + "%";
       }
       return bound;
   }

现在的 hql 是用字符串拼接的： from  Gssp  where  companyId= '"+ companyId+ "' and spCn like '%" +name+"%' and spfbpcId is null order by addTime desc";
我想改成 PreparedStatement 方式，也就是把 companyId 和 name 用 ? 占位符作为参数绑定，而不是直接拼进字符串！