java提供了什么工具来从命令行获取SQL中executeUpdate()方法的输入
这给了我一个错误,并要求我检查SQL手册。这可能吗?不一定是用户输入的格式不正确。插入的格式应如下所示:java提供了什么工具来从命令行获取SQL中executeUpdate()方法的输入,java,sql,Java,Sql,这给了我一个错误,并要求我检查SQL手册。这可能吗?不一定是用户输入的格式不正确。插入的格式应如下所示: Scanner input = new Scanner(System.in); System.out.println("Enter Staff Name: "); String staffName = input.nextLine(); System.out.println("Enter Department Name: "); String department =Input.nextLi
Scanner input = new Scanner(System.in);
System.out.println("Enter Staff Name: ");
String staffName = input.nextLine();
System.out.println("Enter Department Name: ");
String department =Input.nextLine();
stmt.executeUpdate("insert into staff (StaffName,department) " + "values " +
staffName,department);
这是可能的,因为它发生了。在SQL中,字符串必须用引号括起来:
String sql = "INSTERT INTO STAFF (StaffName, department) VALUES (\'" +
staffName + "\', \'" + department + "\');";
学习使用字符串连接代替字符串连接,使查询正常工作,并且不受攻击:
使用上述方法,您不需要乱加引号,也不需要在字符串中转义引号。谢谢您的时间,不幸的是,您的建议已编译,但未将记录添加到表中。谢谢,伙计。工作非常顺利。
String sql = "INSTERT INTO STAFF (StaffName, department) VALUES (\'" +
staffName + "\', \'" + department + "\');";
insert into foo (bar, baz) values ('hello', 'world');
PreparedStatement stmt = connection.prepareStatement("insert into staff (StaffName, department) values (?, ?)");
stmt.setString(1, staffName);
stmt.setString(2, department);
stmt.executeUpdate();