我试图通过将表中的值与我从ID号中捕获的有关用户的变量进行比较,从数据库中的另一个表中将值插入到表中。
我收到以下错误:
java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Missing semicolon (;) at end of SQL statement.
以下是我用来尝试上述代码的代码:
Statement stmt1 = con.createStatement();
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= " + details.getAge() + "AND Group_MaxAge >= " + details.getAge() + "AND Group_Gender = 'details.getGender()'";
stmt1.executeUpdate(mySqlStatement1);
答案 0 :(得分:3)
暂时搁置关于SQL注入攻击的标准警告,你的陈述的问题是你错误地引用你的引号并且在AND
s之前没有空格:
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= "
+ details.getAge()
+ " AND Group_MaxAge >= " // Add space
+ details.getAge()
+ " AND Group_Gender = '" // Add space
+ details.getGender() // This part was enclosed in double-quotes
+ "';"; // Add semicolon at the end
为防止注入攻击,您应该参数化查询,并将值绑定到预准备语句的参数:
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= ? AND Group_MaxAge >= ? AND Group_Gender = ?;";