我在执行以下选择查询时遇到错误:
ResultSet rs = St.executeQuery("select * from login where username="+username+"and password ="+password);
例外是
java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended.
如果查询语法错误,请告诉我。
答案 0 :(得分:2)
至少使用参数(命名参数甚至更好)。将值连接到SQL字符串是容易出错且不安全的。 E.g:
Statement stmt = null;
String query = "select * from login where username=? and password=?";
try {
stmt = con.createStatement();
stmt.setString(1, username);
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
//...
}
} catch (SQLException e ) {
//TODO handle e
} finally {
if (stmt != null) { stmt.close(); }
}
}
答案 1 :(得分:1)
您的用户名和and关键字之间没有空格。这将解析为
从登录处选择*,其中username = username和password = password
您还缺少围绕要插入语句的值的单引号。尝试:
ResultSet rs = St.executeQuery(“select * from login where username ='”+ username +“'and password ='”+ password +“'”);
我还建议您阅读Java教程中的Using Prepared Statements。
答案 2 :(得分:1)
值应在引号中
ResultSet rs = St.executeQuery("select * from login where username='" + username + "' and password ='" + password + "'");
答案 3 :(得分:0)
试试这个(你缺少几个空格和引号):
ResultSet rs =
St.executeQuery(
"select * from login where username=\""+username+"\" and password =\""+password + "\"");
答案 4 :(得分:0)
在输入值和密码之前缺少单引号,我认为应该是:
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
答案 5 :(得分:0)
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
执行查询的最佳方式将其取出并自行尝试... 对于前。
String query = "select * from login where username='"+username+"' and password = '"+password+"'";
//Print your query and execute it in your sql client you ll get to know if it works!
System.out.println(query);
ResultSet rs = St.executeQuery(query);