com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'poi' in 'where clause'
I am trying to create a new database by reading a value from a text field. Before creating the database, I decided to check whether it exists. My code is as follows:
public void createAccount() throws ClassNotFoundException, SQLException {
    try {
        dbName = t12.getText();
        Class.forName("com.mysql.jdbc.Driver");
        connect = DriverManager
                .getConnection("jdbc:mysql://localhost:3306/project?"
                        + "user=root&password=virus");
        statement = connect.createStatement();
        preparedStatement = connect
                .prepareStatement("SELECT COUNT(*) FROM information_schema.tables \n" +
                        "WHERE table_schema = "+dbName+"");
        rs=preparedStatement.executeQuery();
        rs.next();
        int chk = rs.getInt(1);
        if(chk!=1)
        {
            int resultset = statement.executeUpdate("create database " + dbName );
            connect = DriverManager
                    .getConnection("jdbc:mysql://localhost:3306/"+ dbName +"?"
                            + "user=root&password=virus");
            statement = connect.createStatement();
            preparedStatement = connect
                    .prepareStatement("create table " + dbName + " (fullname varchar(30),"
                            + "username varchar(20) primary key, password varchar(20),"
                            + "department varchar(30), semester int(2));");
            preparedStatement.executeUpdate();
            preparedStatement = connect
                    .prepareStatement("insert into " + dbName + " values(?,?,?,?,?);");
            preparedStatement.setString(1, t11.getText());
            preparedStatement.setString(2, t12.getText());
            preparedStatement.setString(3, p11.getText());
            preparedStatement.setString(4, t13.getText());
            preparedStatement.setString(5, (String)comboBox.getValue());
            preparedStatement.executeUpdate();
        }
        else
        {
            actiontarget = new Text();
            actiontarget.setFill(Color.FIREBRICK);
            actiontarget.setText("Try another User Name...!");
            actiontarget.setFont(Font.font(null, 15));
            setEffect(new BoxBlur(5, 10, 10));
            Stage usrpagestage = new Stage();
            usrpagestage.setMaxHeight(60);
            usrpagestage.setMaxWidth(200);
            usrpagestage.initStyle(StageStyle.UTILITY);
            usrpagestage.setScene(new Scene(new Warning()));
            usrpagestage.show();
            usrpagestage.setOnCloseRequest(new EventHandler<WindowEvent>() {
                @Override
                public void handle(WindowEvent t) {
                    setEffect(new BoxBlur(0, 0, 0));
                }
            });
        }
    } catch (ClassNotFoundException | SQLException e) {
        throw e;
    } finally {
        close2();
    }
}
Why is this exception generated? How can I fix it?
preparedStatement = connect
.prepareStatement("SELECT COUNT(*) FROM information_schema.tables \n" +
"WHERE table_schema = "+dbName+"");
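to
You need to enclose the WHERE value in single quotes so that it is treated as a string; otherwise it will throw an error.
Here is an example: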
mysql> SELECT COUNT(*) FROM information_schema.tables where table_schema = users ;
ERROR 1054 (42S22): Unknown column 'users' in 'where clause'
mysql> SELECT COUNT(*) FROM information_schema.tables where table_schema = 'users' ;
+----------+
| COUNT(*) |
+----------+
|        0 |
+----------+
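You are not using PreparedStatement correctly. Use the placeholder ? to pass values into the query. By using the set… methods, you can set values for the various parameters in the query. This is safe when it comes to handling escape characters and SQL injection. The table_schema=poi case will not occur; instead it is handled internally as table_name='poi'.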
Change:
preparedStatement =
connect.prepareStatement("SELECT COUNT(*) FROM information_schema.tables \n" +
"WHERE table_schema = "+dbName+"");
rs=preparedStatement.executeQuery();
To:
String sqlQuery = "SELECT COUNT(*) FROM information_schema.tables \n" +
"WHERE table_schema = ?";
preparedStatement =
connect.prepareStatement( sqlQuery );
preparedStatement.setString( 1, dbName );
rs=preparedStatement.executeQuery();
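The placeholder fix described above, extended as an added example (not code from the original question or answers): the value in the WHERE clause is bound with `?`, while the database name used in `CREATE DATABASE`, which cannot be bound, is checked against an allow-list first. The class and method names, the allow-list pattern, and the use of `information_schema.schemata` instead of the question's `information_schema.tables` query are assumptions of this example.

```java
import java.sql.*;
import java.util.regex.Pattern;

// Hypothetical helper class; all names here are illustrative.
public class SafeSchemaSetup {
    // Assumed allow-list: letters, digits and underscore, 1 to 64 characters.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z0-9_]{1,64}");

    // A value compared in WHERE can be bound: the driver sends it as data,
    // so no quoting or escaping is done by string concatenation.
    static boolean schemaExists(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM information_schema.schemata WHERE schema_name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && rs.getInt(1) > 0;
            }
        }
    }

    // Identifiers (database and table names) cannot be bound with '?',
    // so they are validated before being placed in DDL text.
    static String requireIdentifier(String name) {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("invalid database name");
        }
        return "`" + name + "`";
    }

    static boolean createIfAbsent(Connection c, String name) throws SQLException {
        String quoted = requireIdentifier(name);   // validate before any SQL runs
        if (schemaExists(c, name)) {
            return false;                          // name already taken
        }
        try (Statement st = c.createStatement()) {
            st.executeUpdate("CREATE DATABASE " + quoted);
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs; this part runs without a database.
        for (String candidate : new String[] {"poi", "my db", "a`b"}) {
            String verdict;
            try { verdict = requireIdentifier(candidate); }
            catch (IllegalArgumentException e) { verdict = "rejected"; }
            System.out.println(candidate + " -> " + verdict);
        }
    }
}
```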
Your problem is this incorrect statement:
preparedStatement = connect
.prepareStatement("SELECT COUNT(*) FROM information_schema.tables \n" +
"WHERE table_schema = "+dbName+"");
That is wrong. Always pass the parameter name in single quotes, like this:
preparedStatement = connect
.prepareStatement("SELECT COUNT(*) FROM information_schema.tables \n" +
"WHERE table_schema = '"+dbName+"'");
This is basically just a repeat.