我一直在尝试执行sql插件,但它根本不起作用......任何人都有同样的问题吗?
java.sql.SQLException: General error
at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6986)
at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7114)
at sun.jdbc.odbc.JdbcOdbc.SQLExecDirect(JdbcOdbc.java:3110)
at sun.jdbc.odbc.JdbcOdbcStatement.execute(JdbcOdbcStatement.java:338)
at sun.jdbc.odbc.JdbcOdbcStatement.executeUpdate(JdbcOdbcStatement.java:288)
at GuardadoExamenes.doGet(GuardadoExamenes.java:72)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
这是我的代码......问题正好在“stmt.executeUpdate(SQL);”因为它在之前的终端打印。
try {
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection conexion = DriverManager.getConnection("jdbc:odbc:Clickers");
Statement stmt = conexion.createStatement();
@SuppressWarnings("rawtypes")
Map m = req.getParameterMap();
@SuppressWarnings("rawtypes")
Set s = m.entrySet();
@SuppressWarnings("rawtypes")
Iterator it = s.iterator();
while(it.hasNext()){
@SuppressWarnings("unchecked")
Map.Entry<String,String[]> entry = (Map.Entry<String,String[]>)it.next();
String key = entry.getKey();
String[] value = entry.getValue();
System.out.println("Key is "+key);
if(value.length>1){
for (int i = 0; i < value.length; i++) {
System.out.println(value[i].toString());
}
}else
System.out.println("Value is "+ value[0].toString());
System.out.println(" ");
if (key.contains("answer")) {
}
else if (key.contains("pregunta")){
String sql = "SELECT COUNT(*) AS cPregunta FROM Preguntas WHERE cAsignatura=" + cAsignatura + "AND cTema=" + cTest;
ResultSet rs = stmt.executeQuery(sql);
rs.next();
int cPregunta = rs.getInt("cPregunta") + 1;
System.out.println(cPregunta);
String SQL = "INSERT INTO Preguntas (cAsignatura, cPregunta, cTema, Pregunta) VALUES (" + cAsignatura + ", " + cPregunta + ", " + cTest + ",'" + value[0].toString()+ "') ";
stmt.executeUpdate(SQL);
}
}
}catch(SQLException sqlException){
sqlException.printStackTrace();
System.out.println("");
}catch(ClassNotFoundException classNotFoundException){
classNotFoundException.printStackTrace();
System.out.println("");
}
答案 0 :(得分:0)
听起来Pedro Fabregat已在他的评论中提供了解决方案,但值得注意的是,最佳做法是利用PreparedStatement
进行此类更新。这样做可以正确地转义任何可以防止SQL注入攻击的输入,并且它还使SQL语句更加清晰,因为它们不会被字符串连接语句弄得乱七八糟。
例如:
String sql = "INSERT INTO Preguntas (cAsignatura, cPregunta, cTema, Pregunta) VALUES (?, ?, ?, ?)";
PreparedStatement preparedStatement = conn.prepareStatement(sql);
preparedStatement.setInt(1, cAsignatura);
preparedStatement.setInt(2, cPregunta);
preparedStatement.setInt(3, cTema);
preparedStatement.setString(4, Pregunta);
preparedStatement.executeUpdate();
preparedStatement.close();