需要帮助...
Connection cn = DriverManager.getConnection ("jdbc:mysql://localhost/posdb", "root", "");
PreparedStatement dat = cn.prepareStatement("INSERT INTO order VALUES('"+num+"',"+buyamount.elementAt(0)+","+buyamount.elementAt(1)+","+buyamount.elementAt(2)+","+buyamount.elementAt(3)+","+buyamount.elementAt(4)+","+buyamount.elementAt(5)+","+buyamount.elementAt(6)+","+buyamount.elementAt(7)+","+buyamount.elementAt(8)+","+buyamount.elementAt(9)+","+buyamount.elementAt(10)+","+buyamount.elementAt(11)+","+buyamount.elementAt(12)+","+buyamount.elementAt(13)+","+buyamount.elementAt(14)+","+buyamount.elementAt(15)+","+buyamount.elementAt(16)+","+buyamount.elementAt(17)+","+buyamount.elementAt(18)+","+buyamount.elementAt(19)+","+tot+","+tot2+","+(tot2-tot)+")");
System.out.println(dat);
dat.executeUpdate();
cn.close();
错误讯息:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order VALUES('20130605093640',1, 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9500,1200' at line 1
num是一个字符串,tot和tot2是整数,buyamount是整数的向量。
谢谢..任何帮助将不胜感激..
答案 0 :(得分:1)
Order是MySQL中的保留字 - 使用反引号:
INSERT INTO `order`...
答案 1 :(得分:0)
此外,您可能需要考虑以正确的方式使用预准备语句。这将有助于避免sql注入并使代码更易于阅读。
private static final String INSERT = "insert into myTable values(?,?,?)";
public void insertData(String varA, int numB, Date myDate) throws SQLException {
Connection cn=null;
PreparedStatement ps=null;
try {
cn = DriverManager.getConnection("...your connection string...");
ps = cn.prepareStatement(INSERT);
ps.setString(1, varA);
ps.setInt(2, numB);
ps.setDate(3, myDate);
ps.executeUpdate();
}catch(SQLException sqe) {
throw sqe;
} finally {
try {ps.close();}catch(Exception ex) {}
try {cn.close();}catch(Exception ex) {}
}
}