Java sql查询在mysql中正确执行,但同一查询在jsp编译中显示错误
我在mysql中有以下查询,它在mysql中工作得非常好,并且正在生成输出表。但当我用jsp编写它时,它显示了一个错误Java sql查询在mysql中正确执行,但同一查询在jsp编译中显示错误,java,jdbc,Java,Jdbc,我在mysql中有以下查询,它在mysql中工作得非常好,并且正在生成输出表。但当我用jsp编写它时,它显示了一个错误 String q2 = "select id,username,password,fname,email,dob,mobile,habits,attitudes,tastes,moral,economic,people,imagess" + "from user, request " + "where user.habits='" + q1 +
String q2 = "select id,username,password,fname,email,dob,mobile,habits,attitudes,tastes,moral,economic,people,imagess"
+ "from user, request "
+ "where user.habits='" + q1 + "'"
+ " and user.username=request.rto"
+ " and request.rfrom='" + username + "'"
+ " and request.status='Accepted'";
你有一些额外的双引号是不平衡的。遵循Jon Skeet和Luiggi Mendoza提供的建议,因为这是避免此类问题的最佳实践,也将帮助您避免sql注入
String q2 = "select id,username,password,fname,email,dob,mobile,habits,attitudes,tastes,moral,economic,people,imagess"
+ " from user, request "
+ "where user.habits='" + q1
+ "' and user.username=request.rto"
+ " and request.rfrom='" + username
+ "' and request.status='Accepted'";
问题是在您的查询中,当您构建sql查询时,在所选列名的末尾和from子句之间缺少一个空格 在from imagessfrom之前需要一个空格 下面是正确的一个
String q2 = "select id,username,password,fname,email,dob,mobile,habits,attitudes,tastes,moral,economic,people,imagess"
+ " from user, request "
+ "where user.habits='" + q1 + "'"
+ " and user.username=request.rto"
+ " and request.rfrom='" + username + "'"
+ " and request.status='Accepted'";
第一:停止像那样构建SQL。使用参数化SQL和PreparedStatement。接下来,我建议您只使用JSP中的表示代码……使用PreparedStatement来避免这些错误。查询中的每一行子字符串都应该以双引号结尾。Java不支持多行字符串。
String q2 = "select id,username,password,fname,email,dob,mobile,habits,attitudes,tastes,moral,economic,people,imagess"
+ " from user, request "
+ "where user.habits='" + q1 + "'"
+ " and user.username=request.rto"
+ " and request.rfrom='" + username + "'"
+ " and request.status='Accepted'";