Java 遇到SQL语法错误"\'\'&引用;
这是我的控制台输出:Java 遇到SQL语法错误"\'\'&引用;,java,sql,Java,Sql,这是我的控制台输出: `[10, name, N, 11-11, Address, 12, City, XX, 123-123-123, 321-321-321, maaaail] INSERT INTO CUSTOMER (CUSTOMER_ID, NAME, ZIP, ADDRESSLINE1, ADDRESSLINE2, CITY, STATE, PHONE, FAX, EMAIL) VALUES (10','name','11-11','Address','12','City','XX'
`[10, name, N, 11-11, Address, 12, City, XX, 123-123-123, 321-321-321, maaaail]
INSERT INTO CUSTOMER (CUSTOMER_ID, NAME, ZIP, ADDRESSLINE1, ADDRESSLINE2, CITY, STATE, PHONE, FAX, EMAIL) VALUES (10','name','11-11','Address','12','City','XX','123-123-123','321-321-321','maaaail)
java.sql.SQLSyntaxErrorException: Syntax error: Encountered "\',\'" at line 1, column 117.`
System.out.println(Arrays.toString(dane));
sql = "INSERT INTO CUSTOMER (CUSTOMER_ID, NAME, ZIP, ADDRESSLINE1, ADDRESSLINE2, CITY, STATE, PHONE, FAX, "
+ "EMAIL) VALUES (" + dane[0] + "','" + dane[1] + "','" + dane[3] + "','" + dane[4] + "','"
+ dane[5] + "','" + dane[6] + "','" + dane[7] + "','" + dane[8] + "','" + dane[9] + "','" + dane[10] + ")";
System.out.println(sql);
“+dane[10]+”)结尾处缺少引号,但不要使用这种方式,而是要了解如何避免语法错误和SQL注入^^^^更多:值的开头也缺少引号。是的,此代码易受攻击-决不能对SQL语句(在生产代码中)使用字符串串联如果字符串值本身包含单引号怎么办?不要将查询值视为可执行代码,而是将它们视为值。将准备好的语句与查询参数一起使用。它更安全、更清洁、更易于维护、速度更快、车辆更少。