我的框架有两个文本框和一个保存按钮,
第一个文本字段取id和第二个取名,当我点击按钮时,此信息应保存在数据库中。
public class d4 extends JFrame implements ActionListener {
Connection con;
String dbName = "mydb";
String bdUser = "root";
String dbPassword = "2323";
String dbUrl = "jdbc:mysql://localhost/mydb";
JButton okButton;
JTextField tf1;
JTextField tf2;
String id;
String name;
public d4() {
add(mypanel(), BorderLayout.PAGE_START);
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
setSize(400, 500);
setLocation(300, 30);
setVisible(true);
}
public JPanel mypanel() {
JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT));
okButton = new JButton("Ok");
okButton.addActionListener(this);
tf1 = new JTextField(10);
tf2 = new JTextField(10);
panel.add(okButton);
panel.add(tf1);
panel.add(tf2);
return panel;
}
public static void main(String[] args) {
new d4();
}
@Override
public void actionPerformed(ActionEvent e) {
if (e.getSource() == okButton) {
id = tf1.getText();
name = tf2.getText();
try {
con = DriverManager.getConnection(dbUrl, bdUser, dbPassword);
System.out.println("Connected to database successfully!");
} catch (SQLException ex) {
System.out.println("Could not connect to database");
}
excuteQuery(id, name);
}
}
public void excuteQuery(String ID, String NAME) {
try {
Statement st1 = con.createStatement();
ResultSet result1 = st1.executeQuery("select mytable");
st1.execute("insert into mytable values ( " + ID + "," + NAME + ")");
} catch (SQLException ex) {
System.out.println("execute time exception");
ex.printStackTrace();
}
}
}
输出:
Connected to database successfully!
execute time exception
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'mytable' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2618)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1557)
at JDBCtest.d4.excuteQuery(d4.java:86)
...
答案 0 :(得分:3)
不要忘记引号
st1.execute("insert into mytable values ( '" + ID + "', '" + NAME + "')");
不要忘记关闭数据库连接
excuteQuery(id, name);
con.close();
我猜测没有必要在
之前执行选择// ResultSet result1 = st1.executeQuery("select mytable");
而且,由于您接受来自用户的输入,因此您对SQL注入攻击持开放态度。改为使用PreparedStatement.executeUpdate()
:
Statement ps = con.prepareStatement("INSERT INTO mytable VALUES (?, ?)");
ps.setString(1, ID);
ps.setString(2, NAME);
ps.executeUpdate();
PreparedStatement也会处理报价。