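General error from ExecuteUpdate in an SQL statement

Time: 2013-04-22 23:08:42

Tags: java sql database servlets odbc

I have been trying to execute an SQL insert, but it doesn't work at all... Has anyone had the same problem?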

    java.sql.SQLException: General error
        at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6986)
        at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7114)
        at sun.jdbc.odbc.JdbcOdbc.SQLExecDirect(JdbcOdbc.java:3110)
        at sun.jdbc.odbc.JdbcOdbcStatement.execute(JdbcOdbcStatement.java:338)
        at sun.jdbc.odbc.JdbcOdbcStatement.executeUpdate(JdbcOdbcStatement.java:288)
        at GuardadoExamenes.doGet(GuardadoExamenes.java:72)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:619)

Here is my code... The problem is exactly at "stmt.executeUpdate(SQL);" because it prints to the terminal right before that.

    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        Connection conexion = DriverManager.getConnection("jdbc:odbc:Clickers");
        Statement stmt = conexion.createStatement();

        @SuppressWarnings("rawtypes")
        Map m = req.getParameterMap();
        @SuppressWarnings("rawtypes")
        Set s = m.entrySet();
        @SuppressWarnings("rawtypes")
        Iterator it = s.iterator();

        while(it.hasNext()){

            @SuppressWarnings("unchecked")
            Map.Entry<String,String[]> entry = (Map.Entry<String,String[]>)it.next();

            String key = entry.getKey();
            String[] value = entry.getValue();

            System.out.println("Key is "+key);

            if(value.length>1){    
                for (int i = 0; i < value.length; i++) {
                    System.out.println(value[i].toString());
                }
            }else
                System.out.println("Value is "+ value[0].toString());
            System.out.println(" ");

            if (key.contains("answer")) {

            }
            else if (key.contains("pregunta")){
                String sql = "SELECT COUNT(*) AS cPregunta FROM Preguntas WHERE cAsignatura=" + cAsignatura + "AND cTema=" + cTest;
                ResultSet rs = stmt.executeQuery(sql);
                rs.next();
                int cPregunta = rs.getInt("cPregunta") + 1;
                System.out.println(cPregunta);

                String SQL = "INSERT INTO Preguntas (cAsignatura, cPregunta, cTema, Pregunta) VALUES (" + cAsignatura + ", " + cPregunta + ", " + cTest + ",'" + value[0].toString()+ "') ";
                stmt.executeUpdate(SQL);
            }

        }

    }catch(SQLException sqlException){
        sqlException.printStackTrace();
        System.out.println("");
    }catch(ClassNotFoundException classNotFoundException){
        classNotFoundException.printStackTrace();
        System.out.println("");
    }

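1 answer:

Answer 0 (score: 0)

It sounds like Pedro Fabregat has already provided the solution in his comment, but it is worth noting that the best practice is to use a PreparedStatement for updates like this. Doing so properly escapes any input, which guards against SQL injection attacks, and it also makes the SQL statements clearer, because they are not cluttered with string concatenation.

For example: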

    // The ? placeholders are filled in by the setXxx calls below, in order.
    String sql = "INSERT INTO Preguntas (cAsignatura, cPregunta, cTema, Pregunta) VALUES (?, ?, ?, ?)";

    // conn is the open java.sql.Connection
    PreparedStatement preparedStatement = conn.prepareStatement(sql);
    preparedStatement.setInt(1, cAsignatura);
    preparedStatement.setInt(2, cPregunta);
    preparedStatement.setInt(3, cTema);
    preparedStatement.setString(4, Pregunta);

    preparedStatement.executeUpdate();
    preparedStatement.close();
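
The answer's suggestion applied to the question's loop body, as an added example (not code from the original question or answer): both the COUNT query and the INSERT use bound parameters, and the constructed sample text contains an apostrophe, which would end the quoted literal early in the concatenated version. The class name `GuardarPregunta`, the helper `insertPregunta`, and the JDBC URL passed as the first argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class GuardarPregunta {

    // Hypothetical helper: inserts one question and returns the cPregunta it was given.
    static int insertPregunta(Connection conn, int cAsignatura, int cTema, String pregunta)
            throws SQLException {
        String countSql = "SELECT COUNT(*) AS cPregunta FROM Preguntas "
                        + "WHERE cAsignatura = ? AND cTema = ?";
        String insertSql = "INSERT INTO Preguntas (cAsignatura, cPregunta, cTema, Pregunta) "
                         + "VALUES (?, ?, ?, ?)";
        int cPregunta;

        // try-with-resources closes the statement and result set before the INSERT runs.
        try (PreparedStatement count = conn.prepareStatement(countSql)) {
            count.setInt(1, cAsignatura);
            count.setInt(2, cTema);
            try (ResultSet rs = count.executeQuery()) {
                rs.next(); // COUNT(*) always yields exactly one row
                cPregunta = rs.getInt("cPregunta") + 1;
            }
        }

        try (PreparedStatement insert = conn.prepareStatement(insertSql)) {
            insert.setInt(1, cAsignatura);
            insert.setInt(2, cPregunta);
            insert.setInt(3, cTema);
            // Bound as data: an apostrophe in the text cannot end the SQL string literal.
            insert.setString(4, pregunta);
            insert.executeUpdate();
        }
        return cPregunta;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database that already has the Preguntas table.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed sample input containing a single quote.
            int n = insertPregunta(conn, 1, 1, "What's the capital of Spain?");
            System.out.println("Inserted question number " + n);
        }
    }
}
```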