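I am writing code that displays its output on the output screen. However, when I link a database to it, it gives some kind of error. I searched Google a lot but couldn't get any help.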
import java.net.URL;
import java.io.*;
import java.util.ArrayList;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class Test {
    public ArrayList<String> lines = new ArrayList<String>(); // global list containing <item>.......</item>

    public static void main(String[] args) throws Exception {
        Test obj = new Test();
        /* String proxy="172.16.4.7"; //proxy address
        String port= "1117"; //proxy port
        System.setProperty("http.proxyHost" , proxy); //setting proxy
        System.setProperty("http.proxyPort", port); //setting proxy port
        */
        URL url = new URL("http://feeds.feedburner.com/geo/GiKR"); // geo url
        BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
        String line;
        line = in.readLine(); // skipping first line (the xml version declaration)
        line = in.readLine();
        if (line.contains("<item>")) {
            while (line.contains("<item>")) {
                line = obj.extractItem(line); // extract <item> and </item> from the original news feed
            }
        }
    }

    String extractItem(String line) {
        int start = 0, end = 0, length = 0;
        start = line.indexOf("<item>");
        end = line.indexOf("</item>");
        length = line.length();
        try {
            String host = "jdbc:derby://localhost:1527/NewsFinal";
            String uName = "ashfaq";
            String pass = "pakistan";
            Connection con = DriverManager.getConnection(host, uName, pass);
            Statement stmt = con.createStatement();
            //lines.add(line.substring(start+6, end));
            String item = line.substring(start + 6, end + 7);
            //System.out.println(item);
            //String query="INSERT INTO ITEMS2(ITEM) VALUES(" + "'"+item+"'"+")";
            String query = "insert into ITEMS(ITEMDATA) values(" + "'" + item + "'" + ")";
            stmt.executeUpdate(query);
        } catch (SQLException err) {
            System.out.println(err.getMessage());
        }
        //System.out.println(line.substring(start+6, end+7)); // start+6 to remove item tag, start+13 removes item and title tag
        // end+7 skips the whole "</item>" tag (7 characters) so no stray ">" is left behind
        return line.substring(0, start) + line.substring(end + 7, length);
    }
}
Here is the output it generates:
run:
Syntax error: Encountered "1" at line 1, column 318.
Syntax error: Encountered "1" at line 1, column 330.
Syntax error: Encountered "1" at line 1, column 342.
Syntax error: Encountered "1" at line 1, column 318.
Syntax error: Encountered "1" at line 1, column 330.
Syntax error: Encountered "1" at line 1, column 326.
Syntax error: Encountered "1" at line 1, column 351.
Syntax error: Encountered "1" at line 1, column 319.
Syntax error: Encountered "1" at line 1, column 299.
Syntax error: Encountered "1" at line 1, column 328.
Syntax error: Encountered "1" at line 1, column 307.
Syntax error: Encountered "1" at line 1, column 331.
Syntax error: Encountered "1" at line 1, column 334.
Syntax error: Encountered "1" at line 1, column 319.
Syntax error: Encountered "1" at line 1, column 334.
Syntax error: Encountered "1" at line 1, column 307.
Syntax error: Encountered "1" at line 1, column 325.
Syntax error: Encountered "1" at line 1, column 301.
Syntax error: Encountered "1" at line 1, column 312.
Syntax error: Encountered "1" at line 1, column 306.
Syntax error: Encountered "1" at line 1, column 327.
Syntax error: Encountered "1" at line 1, column 342.
Syntax error: Encountered "1" at line 1, column 333.
Syntax error: Encountered "1" at line 1, column 338.
Syntax error: Encountered "1" at line 1, column 329.
BUILD SUCCESSFUL (total time: 3 seconds)
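In the function extractItem(String line), when I uncomment System.out.println(item); it displays the output fine, but it cannot insert into the database I created for it.
The database is working fine: I inserted data from the GUI and that worked too, and also from the execute command, but I don't know why this error occurs.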
Answer 0 (score: 0)
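Just putting quotes around an arbitrary string is not enough to make it valid as a value if it contains another quote, and it leaves you wide open to SQL Injection attacks.
Use a PreparedStatement and set the value.
You are also creating a new Connection and Statement for each item, and not closing any of them.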
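
An added example (not part of the original question or answer) of the approach the answer recommends: one connection for the whole run, a PreparedStatement with the item bound as a parameter, and try-with-resources to close everything. It assumes an embedded in-memory Derby database, a VARCHAR(4000) column and constructed sample items; the class name ItemInsertDemo is hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

public class ItemInsertDemo {
    // Assumption: embedded in-memory Derby (driver jars on the classpath) so the demo needs
    // no server; the question itself connects to jdbc:derby://localhost:1527/NewsFinal.
    static final String URL = "jdbc:derby:memory:NewsDemo;create=true";

    public static void main(String[] args) throws SQLException {
        // Constructed sample items; the first contains single quotes, as feed markup can.
        List<String> items = List.of(
            "<description>&lt;img height='1' width='1'&gt;</description>",
            "<title>Plain headline</title>");
        // One connection for the whole run, closed automatically by try-with-resources.
        try (Connection con = DriverManager.getConnection(URL)) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate("CREATE TABLE ITEMS (ITEMDATA VARCHAR(4000))"); // assumed column type
                // Concatenated form from the question: the quote in the data ends the literal early.
                try {
                    st.executeUpdate("insert into ITEMS(ITEMDATA) values('" + items.get(0) + "')");
                } catch (SQLException e) {
                    System.out.println("concatenated insert failed: " + e.getMessage());
                }
            }
            // Parameterized form: the value is bound as data and is never parsed as SQL.
            try (PreparedStatement ps = con.prepareStatement("INSERT INTO ITEMS (ITEMDATA) VALUES (?)")) {
                for (String item : items) {
                    ps.setString(1, item);
                    ps.addBatch();
                }
                ps.executeBatch();
            }
            try (Statement q = con.createStatement();
                 ResultSet rs = q.executeQuery("SELECT COUNT(*) FROM ITEMS")) {
                rs.next();
                System.out.println("rows stored: " + rs.getInt(1));
            }
        }
    }
}
```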