使用Java将数据插入mySQL数据库时出错
各位晚安。我有这些密码。我只在这里复制了有问题的代码使用Java将数据插入mySQL数据库时出错,java,mysql,exception,insert,Java,Mysql,Exception,Insert,各位晚安。我有这些密码。我只在这里复制了有问题的代码 //This is my main method. I called my Database.class, made the connection and called the insertnewcustomer method. public static void main(String[] args) { Database db = new Database(); db.connectDB(); db.inser
//This is my main method. I called my Database.class, made the connection and called the insertnewcustomer method.
public static void main(String[] args) {
Database db = new Database();
db.connectDB();
db.insertNewCustomer(86754312, "arda", "zenci", 55418, 400);
.................//
//and here is my insertNewCustomer method which is inside the Database.class
public void insertNewCustomer(int num, String name, String surname, int phone, int debt){
try {
statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", " + name + ", " + surname + ", " + phone + ", " + debt + ")");
} catch (SQLException e) {
e.printStackTrace();
}}
我看不出任何问题,但我有一个MySQLSyntaxErrorException
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'arda' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4187)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4119)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2570)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2731)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2809)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1811)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1725)
at Database.insertNewCustomer(Database.java:39)
at mainFrame.main(mainFrame.java:50)
这是因为您需要用引号将非整数的变量括起来,否则数据库会将它们理解为列,只需在非整数列中添加引号,例如
statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", '" + name + "', '" + surname + "', " + phone + ", " + debt + ")");
我假设customer\u cardno
,customer\u phone
,debt
都是积分列,如果它们不只是用引号将变量括起来的话两件事:
首先,SQL注入风险。我建议你看看准备好的声明:
现在,如果您坚持这样构建查询字符串,那么应该将插入的字符串
值括在引号中:
statement.executeUpdate("INSERT INTO Customer " +
(customer_cardno, customer_name, customer_sirname, customer_phone, debt) " +
VALUES(" + num + ", '" + name + "', '" + surname + "', '" + phone + "', " + debt + ")");
/*
* Notice the single quotes arround "name", "surname" and "phone"
*/
谢谢,在你回答之前,我已经找到了再次感谢。@ArdaOğulÜçpınar无论如何,请阅读我提供给您的链接。您的代码易受SQL注入攻击。准备好的陈述可以帮你省去很多痛苦(而且它们很容易使用)