我是这里的新手,我有一个问题,我很难得到答案。我需要在Java中设置一个程序,使用户能够根据在TextField中键入的内容将值插入到数据库中。以下是我创建的3个类:
public class Odabrani{
public int id;
String ime;
String prezime;
public Odabrani(int id, String ime, String prezime){
this.id=id;
this.ime=ime;
this.prezime=prezime;
}
}
import com.mysql.jdbc.Connection;
import com.mysql.jdbc.Statement;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class MySQL{
public static Connection connect() throws InstantiationException, ClassNotFoundException, IllegalAccessException, SQLException{
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection conn = (Connection) DriverManager.getConnection("jdbc:mysql://localhost/prodavnica", "root", "");
return conn;
}
public static void Obrisi(int id) throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException{
Connection conn = connect();
Statement st = (Statement) conn.createStatement();
st.execute("delete from prodavac where id = " + id);
conn.close();
}
public static List<Prodavac> GetProdavci() throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException {
Connection conn = connect();
Statement st = (Statement) conn.createStatement();
st.executeQuery("select * from prodavac");
ResultSet rs = st.getResultSet();
List<Prodavac> pr = new ArrayList<Prodavac>();
while(rs.next()){
pr.add(new Prodavac(rs.getInt(1),rs.getString(2),rs.getString(3)));
//String ime = rs.getString(2);
}
conn.close();
return pr;
}
public static void Dodaj(String ime, String prezime) throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException{
Connection conn = connect();
PreparedStatement pst = conn.prepareStatement("insert into prodavac (id, ime, prezime) values (null,' ,' ) + ime, prezime;");
conn.close();
}
}
import java.awt.Button;
import java.awt.FlowLayout;
import java.awt.Frame;
import java.awt.List;
import java.awt.TextField;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JComboBox;
import javax.swing.JDialog;
import javax.swing.JOptionPane;
import javax.swing.JRootPane;
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/**
*
* @author v
*/
**public class Main** {
static TextField unos;
public static Prodavac odabrani_prodavac;
public static JComboBox c;
public static void main(String[] args) throws ClassNotFoundException, InstantiationException, IllegalAccessException, SQLException{
Frame f = new Frame("Biblioteka");
f.setSize(300, 300);
f.setLocation(300, 300);
f.setVisible(true);
f.setLayout(new FlowLayout());
c = new JComboBox();
List l = new List();
unos = new TextField(20);
f.add(unos);
unos.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
try {
MySQL.Dodaj(odabrani_prodavac.ime, odabrani_prodavac.prezime);
} catch (InstantiationException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (IllegalAccessException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (ClassNotFoundException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (SQLException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
});
Button b = new Button("obrisi");
b.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
if(odabrani_prodavac!=null)
try {
MySQL.Obrisi(odabrani_prodavac.id);
c.removeAllItems();
java.util.List<Prodavac> prlist = MySQL.GetProdavci();
for(Prodavac p: prlist)
c.addItem(p);
} catch (InstantiationException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (IllegalAccessException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (ClassNotFoundException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
} catch (SQLException ex) {
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
});
java.util.List<Prodavac> prlist = MySQL.GetProdavci();
for(Prodavac p: prlist)
c.addItem(p);
f.add(c);
f.add(b);
c.addItemListener(new ItemListener() {
@Override
public void itemStateChanged(ItemEvent e) {
if(e.getStateChange()==ItemEvent.SELECTED){
Prodavac p = (Prodavac)e.getItem();
odabrani_prodavac = p;
JOptionPane.showMessageDialog(null, "Odabrali ste: " + p.toString());
}
}
});
}
}
现在,如果你注意这一点,你可以看到delete()和gettAll()方法都很完美,但是插入方法让我很烦。如何解决这个有问题的代码,以便用户输入的文本存储到数据库中。请指教。谢谢!伊万
答案 0 :(得分:1)
将插入语句更改为
PreparedStatement pst = conn.prepareStatement("insert into prodavac (id, ime, prezime) values (null,'"+ime+"','"+prezime+"'" );
答案 1 :(得分:1)
PreparedStatement
提供占位符字符以防止SQL Injection攻击以及插入可能需要的任何引号。此外,如果id
是自动增量字段,您可以从SQL
中忽略此字段:
PreparedStatement pst =
conn.prepareStatement("insert into prodavac (ime, prezime) values (?, ?)");
pst.setString(1, ime);
pst.setString(2, prezime);
pst.executeUpdate();