在mysql中使用Java insert值时,为什么要获取null空varchar记录和0作为日期记录?
我尝试使用Java从eclipse插入到MySQL。我没有收到错误通知。然而,当我从表中选择record时,varchar类型列中的记录为空,日期类型列中的记录为0000-00-00 以下是代码:在mysql中使用Java insert值时,为什么要获取null空varchar记录和0作为日期记录?,java,mysql,Java,Mysql,我尝试使用Java从eclipse插入到MySQL。我没有收到错误通知。然而,当我从表中选择record时,varchar类型列中的记录为空,日期类型列中的记录为0000-00-00 以下是代码: import java.sql.*; public class Database { public static void main(String[] args){ try{ String url = "jdbc:mysql://localh
import java.sql.*;
public class Database {
public static void main(String[] args){
try{
String url = "jdbc:mysql://localhost/employees";
String user = "DDD";
String pwd = "123456";
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection conn = DriverManager.getConnection(url, user, pwd);
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("select * from employees");
PreparedStatement ps = null;
AddEmployees newAddEmployees = new AddEmployees("555-55-5555", "DDD", "LLL", "1990-1-1", "programmerEmployee", "DEVELOP");
ps = conn.prepareStatement(newAddEmployees.Insert());
ps.executeUpdate();
while (rs.next()){
String socialSecurityNumber = rs.getString("socialSecurityNumber");
String firstName = rs.getString("firstName");
String lastName = rs.getString("lastName");
String birthday = rs.getString("birthday");
String employeeType = rs.getString("employeeType");
String departmentName = rs.getString("departmentName");
System.out.println(socialSecurityNumber + ", " + firstName + ", " + lastName + ", " + birthday + ", " + employeeType + ", " + departmentName);
}
rs.close();
conn.close();
}
catch(Exception ex){
System.out.println("Error: " + ex.toString());
}
}
}
以下是AddEmployees类中的其他代码:
public class AddEmployees extends Employees{
public AddEmployees(String socialSecurityNumber, String firstName, String lastName, String birthday,
String employeeType, String departmentName) {
this.socialSecurityNumber = socialSecurityNumber;
this.firstName = firstName;
this.lastName = lastName;
this.birthday = birthday;
this.employeeType = employeeType;
this.departmentName = departmentName;
}
@Override
public String Insert() {
return SQLStatement = "insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName)"
+ "values (+socialSecurityNumber, +firstName, +lastName, +birthday, +employeeType, +departmentName)";
}
}
以下是我在MySQL中得到的信息:
mysql> select * from employees;
+----------------------+-----------+----------+------------+----------------------------+----------------+
| socialSecurityNumber | firstName | lastName | birthday | employeeType | departmentName |
+----------------------+-----------+----------+------------+----------------------------+----------------+
| | | | 0000-00-00 | | |
| 111-11-1111 | John | Smith | 1945-01-02 | salariedEmployee | R&D |
| 222-22-2222 | Sue | Jones | 1961-02-03 | commissionEmployee | SALES |
| 333-33-3333 | Bob | Lowis | 1958-10-05 | basePlusCommissionEmployee | SALES |
| 444-44-4444 | Karen | Price | 1972-05-25 | hourlyEmployee | HR |
+----------------------+-----------+----------+------------+-------------------
---------+----------------+
5 rows in set (0.02 sec)
Insert()
方法返回文本字符串
insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName)
values (+socialSecurityNumber, +firstName, +lastName, +birthday, +employeeType, +departmentName)
您可能需要插入参数,而不是+socialSecurityNumber
,+firstName
,…-但返回的只是一个静态字符串。因为您的值是表的有效列名,所以不会出现错误,将插入的是列的默认值
无论如何,您不应该尝试使用字符串替换来创建SQL查询,这只会导致代码中存在SQL注入漏洞
这就是为什么:
PreparedStatement ps = conn.prepareStatement("insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName) "
+ "values (?, ?, ?, ?, ?, ?)");
ps.setInt(1, socialSecurityNumber);
ps.setString(2, firstName);
...
ps.executeUpdate();