JDBC插入值

时间:2013-06-24 15:35:10

标签: java jdbc

我的框架有两个文本框和一个保存按钮,

第一个文本字段取id和第二个取名,当我点击按钮时,此信息应保存在数据库中。

public class d4 extends JFrame implements ActionListener {

Connection con;
String dbName = "mydb";
String bdUser = "root";
String dbPassword = "2323";
String dbUrl = "jdbc:mysql://localhost/mydb";
JButton okButton;
JTextField tf1;
JTextField tf2;
String id;
String name;

public d4() {

    add(mypanel(), BorderLayout.PAGE_START);
    setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
    setSize(400, 500);
    setLocation(300, 30);
    setVisible(true);
}

public JPanel mypanel() {
    JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT));
    okButton = new JButton("Ok");
    okButton.addActionListener(this);
    tf1 = new JTextField(10);
    tf2 = new JTextField(10);
    panel.add(okButton);
    panel.add(tf1);
    panel.add(tf2);
    return panel;
}

public static void main(String[] args) {
    new d4();
}

@Override
public void actionPerformed(ActionEvent e) {
    if (e.getSource() == okButton) {
        id = tf1.getText();
        name = tf2.getText();
        try {
            con = DriverManager.getConnection(dbUrl, bdUser, dbPassword);
            System.out.println("Connected to database successfully!");

        } catch (SQLException ex) {
            System.out.println("Could not connect to database");
        }
        excuteQuery(id, name);
    }
}

public void excuteQuery(String ID, String NAME) {
    try {
        Statement st1 = con.createStatement();
        ResultSet result1 = st1.executeQuery("select mytable");
        st1.execute("insert into mytable values ( " + ID + "," + NAME + ")");


    } catch (SQLException ex) {
        System.out.println("execute time exception");
        ex.printStackTrace();
    }
}
}

输出:

enter image description here

 Connected to database successfully!
 execute time exception
 com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'mytable' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2618)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1557)
at JDBCtest.d4.excuteQuery(d4.java:86)
    ...

1 个答案:

答案 0 :(得分:3)

  • 不要忘记引号

    st1.execute("insert into mytable values ( '" + ID + "', '" + NAME + "')");
    
  • 不要忘记关闭数据库连接

    excuteQuery(id, name);
    con.close();
    
  • 我猜测没有必要在

    之前执行选择
    // ResultSet result1 = st1.executeQuery("select mytable");
    
  • 而且,由于您接受来自用户的输入,因此您对SQL注入攻击持开放态度。改为使用PreparedStatement.executeUpdate()

    Statement ps = con.prepareStatement("INSERT INTO mytable VALUES (?, ?)");
    
    ps.setString(1, ID);
    ps.setString(2, NAME);
    
    ps.executeUpdate();
    

    PreparedStatement也会处理报价。