Java 删除具有指定值的字段的记录
我正在尝试删除具有“由我指定”值的字段的记录:Java 删除具有指定值的字段的记录,java,mysql,sql,jdbc,Java,Mysql,Sql,Jdbc,我正在尝试删除具有“由我指定”值的字段的记录: public static void delete(String firstName, String lastName, int age) { try { Statement myStmt = connection.createStatement(); String sql = "delete from students where firstName='" + firstName + "', la
public static void delete(String firstName, String lastName, int age)
{
try
{
Statement myStmt = connection.createStatement();
String sql = "delete from students where firstName='" + firstName + "', lastName='" + lastName + "', age='" + age + "'";
myStmt.executeUpdate(sql);
}
catch (SQLException e)
{e.printStackTrace();}
}
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where firstName='deleted', lastName='deleted', age='10'' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.Util.getInstance(Util.java:408)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2486)
at com.mysql.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1552)
at com.mysql.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2607)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1480)
at Driver.delete(Driver.java:76)
at Driver.main(Driver.java:18)
您的SQL不正确,应该是:
String sql = "DELETE FROM students WHERE firstName='" + firstName + "' AND lastName='" + lastName + "' AND age='" + age + "'";
您只能使用关键字来分隔
WHERE和或或逗号在SQL查询的该部分是无效的分隔符。您的SQL不正确,应该是:
String sql = "DELETE FROM students WHERE firstName='" + firstName + "' AND lastName='" + lastName + "' AND age='" + age + "'";
您只能使用关键字来分隔WHERE
子句中的条件,例如和或或逗号在SQL查询的该部分是无效的分隔符。为了避免所有这些语法错误甚至SQL注入,您必须使用PreparedStatement,因此您可以使用:
String query = "delete from students where firstName=? and lastName=? and age=?";
try (PreparedStatement delete = connection.prepareStatement(query)) {
delete.setString(1, firstName);
delete.setString(2, lastName);
delete.setInt(3, age);//<-----------(1)
delete.executeUpdate();
}
为了避免所有这些语法错误甚至SQL注入,您必须使用PreparedStatement,因此您可以使用:
String query = "delete from students where firstName=? and lastName=? and age=?";
try (PreparedStatement delete = connection.prepareStatement(query)) {
delete.setString(1, firstName);
delete.setString(2, lastName);
delete.setInt(3, age);//<-----------(1)
delete.executeUpdate();
}
记录需要匹配所有值还是其中一个them@FMashiro,所有值。记录需要匹配所有值还是其中一个them@FMashiro,所有的值。好的。请稍等,我将尝试一下。并使用PreparedStatement
来避免SQL注入攻击。@AndrewS True,但是我对Java的了解还不够,无法用准备好的语句提供答案。如果你愿意,你可以发布一个OPOk的例子。请稍等,我将尝试一下。并使用PreparedStatement
来避免SQL注入攻击。@AndrewS True,但是我对Java的了解还不够,无法用准备好的语句提供答案。如果您愿意,您可以发布一个OP示例