Java JDBC插入值
我有一个框架,有两个文本框和一个保存按钮 第一个文本字段是takeid,第二个是takename,当我点击按钮时,这些信息应该保存在数据库中Java JDBC插入值,java,jdbc,Java,Jdbc,我有一个框架,有两个文本框和一个保存按钮 第一个文本字段是takeid,第二个是takename,当我点击按钮时,这些信息应该保存在数据库中 public class d4 extends JFrame implements ActionListener { Connection con; String dbName = "mydb"; String bdUser = "root"; String dbPassword = "2323"; String dbUrl = "jdbc:mysql:
public class d4 extends JFrame implements ActionListener {
Connection con;
String dbName = "mydb";
String bdUser = "root";
String dbPassword = "2323";
String dbUrl = "jdbc:mysql://localhost/mydb";
JButton okButton;
JTextField tf1;
JTextField tf2;
String id;
String name;
public d4() {
add(mypanel(), BorderLayout.PAGE_START);
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
setSize(400, 500);
setLocation(300, 30);
setVisible(true);
}
public JPanel mypanel() {
JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT));
okButton = new JButton("Ok");
okButton.addActionListener(this);
tf1 = new JTextField(10);
tf2 = new JTextField(10);
panel.add(okButton);
panel.add(tf1);
panel.add(tf2);
return panel;
}
public static void main(String[] args) {
new d4();
}
@Override
public void actionPerformed(ActionEvent e) {
if (e.getSource() == okButton) {
id = tf1.getText();
name = tf2.getText();
try {
con = DriverManager.getConnection(dbUrl, bdUser, dbPassword);
System.out.println("Connected to database successfully!");
} catch (SQLException ex) {
System.out.println("Could not connect to database");
}
excuteQuery(id, name);
}
}
public void excuteQuery(String ID, String NAME) {
try {
Statement st1 = con.createStatement();
ResultSet result1 = st1.executeQuery("select mytable");
st1.execute("insert into mytable values ( " + ID + "," + NAME + ")");
} catch (SQLException ex) {
System.out.println("execute time exception");
ex.printStackTrace();
}
}
}
输出:
Connected to database successfully!
execute time exception
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'mytable' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2618)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1557)
at JDBCtest.d4.excuteQuery(d4.java:86)
...
- 别忘了引语
st1.execute("insert into mytable values ( '" + ID + "', '" + NAME + "')");
- 不要忘记关闭数据库连接
excuteQuery(id, name); con.close();
- 我猜之前没有必要执行select
// ResultSet result1 = st1.executeQuery("select mytable");
- 而且,由于您接受来自用户的输入,因此很容易受到SQL注入攻击。改用
:PreparedStatement.executeUpdate()
PreparedStatement也会处理报价Statement ps = con.prepareStatement("INSERT INTO mytable VALUES (?, ?)"); ps.setString(1, ID); ps.setString(2, NAME); ps.executeUpdate();
executeQuery
中的非敏感和错误的select语句,然后研究和学习如何以及为什么使用preparedStatement
,以避免SQL注入威胁和其他与此相关的问题。