JavaFX文本字段到MySQL插入:SQL语法错误
我有一个MySQL表,如下所示: 我在表单中创建了一些文本字段,并将输入保存为字符串:JavaFX文本字段到MySQL插入:SQL语法错误,java,mysql,sql,javafx,Java,Mysql,Sql,Javafx,我有一个MySQL表,如下所示: 我在表单中创建了一些文本字段,并将输入保存为字符串: String name = shopname.getText(); String address = streetaddress.getText(); String city = cityname.getText(); String state = statename.getText(); String country = countryname.getText();
String name = shopname.getText();
String address = streetaddress.getText();
String city = cityname.getText();
String state = statename.getText();
String country = countryname.getText();
String zip = zipcode.getText();
String phonept1 = phonecountryid.getText();
String phonept2 = phoneareaid.getText();
String phonept3 = phoneothernumber.getText();
String phonefull = phonept2 + " " + "(" + phonept1 + ")" + " " + phonept3;
然后我制作了一个INSERT方法,该方法可以很好地处理旧的SQLite数据库:
conn = DBConnect.Connector();
stmt = conn.createStatement();
stmt.executeUpdate("INSERT INTO shopList (name,address,city,state,country,zipcode,phonefull) VALUES(" +name+ "," + address + "," + city + "," + state + "," + country + "," + zip + "," + phonefull + ")");
conn.close();
但现在它说:
严重:空
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以了解第1行中使用的接近“(22)22222)”的正确语法
有人看到语法错误吗
ps.(22)22222是经过测试的phonefull输入
conn = DBConnect.Connector();
stmt = conn.createStatement();
stmt.executeUpdate("INSERT INTO shopList (name,address,city,state,country,zipcode,phonefull) VALUES('" +name+ "','" + address + "','" + city + "','" + state + "','" + country + "','" + zip + "','" + phonefull + "')");
conn.close();
试试这个(我用单引号把字符串值括起来)
编辑:
通过直接传递字符串值,您很容易受到SQL注入的影响。如果可能,您希望使用
PreparedStatement
对象和setString
方法 值(…)
中的值不带引号。这不可能奏效。你应该使用事先准备好的陈述。