java.sql.SQLSyntaxErrorException when trying to update a string field
I have a database set up in phpMyAdmin. In the query below I am trying to update a string field that contains the file path of some software, e.g. "C:\Program Files(x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe". When I execute the query I get a java.sql.SQLSyntaxErrorException, as shown below. When the query is run in phpMyAdmin it works fine. What am I doing wrong?
My query is:
String query4 = MessageFormat.format("UPDATE system_object SET file_path = {0}, validate={1} " +
"where category_key = 2", settings.getAntivirus_filePath(), settings.isAntivirus_validate());
Error
java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':\Program Files (x86)Kaspersky LabKaspersky Total Security 19.0.0avp.exe, valida' at line 1
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
at com.mysql.cj.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1355)
at com.mysql.cj.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2128)
at com.mysql.cj.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1264)
at s4.server.resourcemonitor.dao.ServerResourcesDAO.savePCSettings(ServerResourcesDAO.java:307)
at s4.server.resourcemonitor.controller.ServerResourcesController.savePCSettings(ServerResourcesController.java:79)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:919)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:663)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Edit
I did try using quotes around the parameters, but then I got the same error
java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '0}, validate=true where category_key = 2' at line 1
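Use a PreparedStatement and bind the parameters; your current approach is vulnerable to SQL injection. Ignoring that issue (and it is a big one), you are not quoting your parameters. You could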
String query4 = MessageFormat.format(
"UPDATE system_object SET file_path = '{0}', validate='{1}' " +
"where category_key = 2", settings.getAntivirus_filePath(),
settings.isAntivirus_validate());
Just one update: use double "" instead of single '':
String query4 = MessageFormat.format(
"UPDATE system_object SET file_path = '{0}', validate='{1}' " +
"where category_key = 2", settings.getAntivirus_filePath(),
settings.isAntivirus_validate());
Modify your code to:
String query4 = MessageFormat.format(
"UPDATE system_object SET file_path = \"{0}\", validate=\"{1}\" " +
"where category_key = 2", "demo1",
"demo2");
System.out.println(query4);
Output:
UPDATE system_object SET file_path = "demo1", validate="demo2" where category_key = 2
I did try to quote them, but I got a similar error.
Quoting them will not work in this case, because MessageFormat treats it as literal text. PreparedStatement is the way to go.
Yes, I ended up using PreparedStatement and it works fine now. Thanks.
That is, remove the call to MessageFormat from your code. You are using MessageFormat for statement parameter binding, but that is not what it is for. That is what PreparedStatement.setParameter(…) is for.
Not sure, but it is strange that your message does not have the parameters filled in. I guess there is a problem with your settings.getAntivirus_filePath() statement.
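The failure and the fix discussed in the answers and comments above, as an added example that is not part of the original thread: it prints what MessageFormat actually produces for the unquoted and the single-quoted pattern, then performs the update with bound parameters. The class name, method names and the sample path constant are assumptions; the table and column names are taken from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.MessageFormat;

// Added example: class and method names are hypothetical.
public class UpdateFilePath {
    // Constructed sample value, modelled on the path in the question.
    static final String PATH =
        "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Total Security 19.0.0\\avp.exe";

    // Unquoted placeholders: the value is pasted into the SQL text as bare tokens.
    static String unquoted(String path, boolean validate) {
        return MessageFormat.format(
            "UPDATE system_object SET file_path = {0}, validate={1} where category_key = 2",
            path, validate);
    }

    // Single quotes are MessageFormat's own quoting character, so '{0}' is
    // emitted as the literal text {0} and no argument is substituted.
    static String singleQuoted(String path, boolean validate) {
        return MessageFormat.format(
            "UPDATE system_object SET file_path = '{0}', validate='{1}' where category_key = 2",
            path, validate);
    }

    // Bound parameters: the SQL text is fixed and the values travel separately,
    // so quotes and backslashes in the path cannot change the statement.
    static int update(Connection con, String path, boolean validate) throws SQLException {
        String sql = "UPDATE system_object SET file_path = ?, validate = ? WHERE category_key = 2";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, path);
            ps.setBoolean(2, validate);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        System.out.println(unquoted(PATH, true));
        System.out.println(singleQuoted(PATH, true));
        // Optional: pass a JDBC URL, user and password to run the bound update.
        if (args.length == 3) {
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println("rows updated: " + update(con, PATH, true));
            }
        }
    }
}
```

Run without arguments, it prints the two MessageFormat results only; the second line still contains the literal {0} and {1}, which matches the "near '0}, validate=true ..." error in the question's edit.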