Update query giving me trouble in UserDAO.java
I am trying to update the user profile for a small application. The program is getting values from the previous session, but I am not able to update accordingly. Below is the code from UserDAO:
public String updateUser(userBean user)throws Exception{
    System.out.println("Reached update user");
    String result = null;
    PreparedStatement stmtUpdate = null;
    //Create a Database Connection
    Connection con = ConnectionDAO.getJDBCConnection();
    try{
        System.out.println("Reached Try block");
        con.setAutoCommit(false);
        StringBuffer sbUpdate = new StringBuffer();
        System.out.println("String buffer created");
        sbUpdate.append("UPDATE user SET ");
        System.out.println(user.getUser()+ " details updating....");
        System.out.println(user.getFname()+ " ....");
        System.out.println(user.getLname()+ " ....");
        System.out.println(user.getMobileno()+ " ....");
        System.out.println(user.getEmail()+ " ....");
        System.out.println(user.getAddress()+ " ....");
        System.out.println(user.getDes()+ " ....");
        sbUpdate.append(" fname = '" + user.getFname() + "', ");
        sbUpdate.append(" lname = '" + user.getLname() + "', ");
        sbUpdate.append(" mobileno = '" + user.getMobileno() + "', ");
        sbUpdate.append(" email = '" + user.getEmail() + "', ");
        sbUpdate.append(" address = '" + user.getAddress() + "', ");
        sbUpdate.append(" des = '" + user.getDes() + "', ");
        sbUpdate.append(" where user='" + user.getUser() + "'" );
        stmtUpdate = con.prepareStatement(sbUpdate.toString());
        System.out.println("prepare statement created");
        int rows = stmtUpdate.executeUpdate();
        System.out.println("int rows has a value");
        if (rows != 1){
            result = FAILURE;
            System.err.println("Execute update error for user "+ user.getUser());
        }
        result = SUCCESS;
        ConnectionDAO.commitJDBCConnection(con);
    }catch (SQLException ex){
        result = FAILURE;
        ConnectionDAO.rollbackJDBCConnection(con);
    }
    finally{
        ConnectionDAO.closeStatement(stmtUpdate);
        ConnectionDAO.closeJDBCConnection(con);
    }
    return result;
}
The console shows…
INFO: Server startup in 460 ms
Oct 05, 2013 11:52:21 PM com.kbcss.DAO.UserDAO checkUser
INFO: Logging for user: sri
Reached update user
Reached Try block
String buffer created
sri details updating....
sri ....
sai ....
789456130 ....
123@qwer.com ....
123456 ....
qwert ....
prepare statement created
What I know is…
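It shows up to "prepare statement created", but what happens after that?
Nothing… the program terminated!! :(
Any input is greatly appreciated.
Am I doing something wrong?
Also, I am new to this world!!!!
The problem seems to be a syntax error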
sbUpdate.append(" des = '" + user.getDes() + "', ");
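Try removing the comma at the end. This is also the correct way to use prepared statements.
Don't put a comma before the WHERE keyword in your query. It causes the query to be rolled back automatically and FAILURE to be returned. To understand the problem, call ex.printStackTrace(); in the catch block.
No worries, this happens to all of us. By the way, Ayman is correct; you need to use parameterized queries (there are plenty of examples on the web). Your query is currently at risk of SQL injection.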
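The parameterized form that the last comment recommends, as an added example that is not part of the original posts. The class name and the `UserProfile` record are hypothetical stand-ins for the question's `userBean`, and the `Connection` is assumed to be supplied by the caller (for instance from the question's `ConnectionDAO.getJDBCConnection()`); the table and column names are taken from the question's query.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class UserUpdateExample {

    // Hypothetical value holder standing in for the question's userBean (Java 16+ record).
    public record UserProfile(String user, String fname, String lname, String mobileno,
                              String email, String address, String des) {}

    // One '?' per value, and no comma between the last assignment and WHERE.
    private static final String UPDATE_SQL =
        "UPDATE user SET fname = ?, lname = ?, mobileno = ?, email = ?, "
        + "address = ?, des = ? WHERE user = ?";

    /** Returns true only if exactly one row was updated and the change was committed. */
    public static boolean updateUser(Connection con, UserProfile u) throws SQLException {
        boolean previousAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);
        try (PreparedStatement stmt = con.prepareStatement(UPDATE_SQL)) {
            // Values are passed as parameters, so a quote inside any of them
            // cannot change the structure of the statement.
            stmt.setString(1, u.fname());
            stmt.setString(2, u.lname());
            stmt.setString(3, u.mobileno());
            stmt.setString(4, u.email());
            stmt.setString(5, u.address());
            stmt.setString(6, u.des());
            stmt.setString(7, u.user());

            int rows = stmt.executeUpdate();
            if (rows != 1) {
                con.rollback();   // unknown user or unexpected multi-row match
                return false;
            }
            con.commit();
            return true;
        } catch (SQLException ex) {
            con.rollback();
            throw ex;             // let the caller see the driver's error message
        } finally {
            con.setAutoCommit(previousAutoCommit);
        }
    }
}
```

Rethrowing the `SQLException` instead of mapping it to a bare failure value makes a syntax error like the stray comma visible in the caller's log.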