使用Java将变量值插入SQL Server
到目前为止,我只能在ExecuteUpdate语句中声明值时才能将数据插入SQL表。我想知道的是,是否有一种方法可以将这些值作为变量传递,我将在执行方法中声明为参数,如下所示:使用Java将变量值插入SQL Server,java,Java,到目前为止,我只能在ExecuteUpdate语句中声明值时才能将数据插入SQL表。我想知道的是,是否有一种方法可以将这些值作为变量传递,我将在执行方法中声明为参数,如下所示: public void updateSQL(String name, String dnsName, String ipV4, String ipV6, int statusCode) { try { Class.forName("com.microsoft.sqlserver.jdbc.
public void updateSQL(String name, String dnsName, String ipV4, String ipV6, int statusCode)
{
try
{
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection connection = DriverManager.getConnection("jdbc:sqlserver://servername;database=databasename;integratedSecurity=true");
System.out.println("Database Name: " + connection.getMetaData().getDatabaseProductName());
Statement statement = connection.createStatement();
statement.executeUpdate("INSERT INTO ComputerStatus(Name, DNSName, IPAddressV4, IPAddressV6, StatusCodeID)" + "VALUES(@Name, @DNSName, @IPAddressV4, @IPAddressV6, @StatusCodeID)");
System.out.println("Data Inserted");
ResultSet resultSet = statement.executeQuery("SELECT Name FROM ComputerStatus");
while(resultSet.next())
{
System.out.println("Computer Name: " + resultSet.getString("Name"));
}
connection.close();
}
catch (Exception e)
{
e.printStackTrace();
System.err.println("Problem Connecting!");
}
}
我试过两种不同的方法,但到目前为止运气不好。有人知道这是否可以做到吗 您可以使用
PreparedStatement
而不是Statement
PreparedStatement stmt = connection.prepareStatement("insert into test (firstname, lastname) values (?, ?");
stmt.setString(1, name);
stmt.setString(2, lname);
stmt.executeUpdate();
通过这种方式,可以防止SQL注入。请查看以下内容:
PreparedStatement prep = conn.prepareStatement("INSERT INTO ComputerStatus(Name, DNSName, IPAddressV4, IPAddressV6, StatusCodeID) VALUES(?, ?, ?, ?, ?)");
prep.setString(1, name);
prep.setString(2, dnsName);
prep.setString(3, ipV4name);
prep.setString(4, ipV6);
prep.setInt(5, statusCode);
prep.executeUpdate();
将帮助您理解。应该是
stmt.executeUpdate()