Fatal编程技术网
  • java/
  • 使用Java将数据插入mySQL数据库时出错

使用Java将数据插入mySQL数据库时出错

java mysql exception

使用Java将数据插入mySQL数据库时出错,java,mysql,exception,insert,Java,Mysql,Exception,Insert,各位晚安。我有这些密码。我只在这里复制了有问题的代码 //This is my main method. I called my Database.class, made the connection and called the insertnewcustomer method. public static void main(String[] args) { Database db = new Database(); db.connectDB(); db.inser

各位晚安。我有这些密码。我只在这里复制了有问题的代码

//This is my main method. I called my Database.class, made the connection and called the insertnewcustomer method.

public static void main(String[] args) {
    Database db = new Database();
    db.connectDB();
    db.insertNewCustomer(86754312, "arda", "zenci", 55418, 400);
.................//

//and here is my insertNewCustomer method which is inside the Database.class

public void insertNewCustomer(int num, String name, String surname, int phone, int debt){
    try {
        statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", " + name  + ", " + surname + ", " + phone + ", " + debt + ")");
    } catch (SQLException e) {
        e.printStackTrace();
    }}
我看不出任何问题,但我有一个MySQLSyntaxErrorException

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'arda' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4187)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4119)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2570)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2731)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2809)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1811)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1725)
at Database.insertNewCustomer(Database.java:39)
at mainFrame.main(mainFrame.java:50)
这是因为您需要用引号将非整数的变量括起来,否则数据库会将它们理解为列,只需在非整数列中添加引号,例如

statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", '" + name  + "', '" + surname + "', " + phone + ", " + debt + ")");
我假设
customer\u cardno
customer\u phone
debt
都是积分列,如果它们不只是用引号将变量括起来的话

两件事:

首先,SQL注入风险。我建议你看看准备好的声明:

现在,如果您坚持这样构建查询字符串,那么应该将插入的
字符串
值括在引号中:

statement.executeUpdate("INSERT INTO Customer " + 
    (customer_cardno, customer_name, customer_sirname, customer_phone, debt) " + 
    VALUES(" + num + ", '" + name  + "', '" + surname + "', '" + phone + "', " + debt + ")");
/*
 * Notice the single quotes arround "name", "surname" and "phone"
 */
谢谢,在你回答之前,我已经找到了再次感谢。@ArdaOğulÜçpınar无论如何,请阅读我提供给您的链接。您的代码易受SQL注入攻击。准备好的陈述可以帮你省去很多痛苦(而且它们很容易使用)