如何将Java变量插入MySQL查询?

时间:2013-11-18 23:03:23

标签: java mysql jdbc

我正在尝试为我的MySQL数据库创建一个注册系统。我创建了一个Java表单,用户可以在其中插入用户名,密码和电子邮件。我采用该信息并将其存储在变量中。 MySQL连接代码有效,它确实插入了一个新行,但MySQL页面上的信息是空白的。我做错了什么?

public class Main extends JFrame {

private static final long serialVersionUID = 1L;

private JPanel contentPane;
private JTextField textField;
private JPasswordField passwordField;

private static Connection con;
private static PreparedStatement st;
private static int rs;

String username;
String password;
String email;
private JTextField textField_1;

String insertTableSQL = "INSERT INTO `users`" + "(username, password, email) VALUES" + "(?,?,?)";

public static void main(String[] args) {
    EventQueue.invokeLater(new Runnable() {
        public void run() {
            try {
                Main frame = new Main();
                frame.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    });
}

public Main() {
    setResizable(false);
    setTitle("Barrage : Login / Register");
    setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
    setBounds(100, 100, 350, 200);
    contentPane = new JPanel();
    contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
    setContentPane(contentPane);
    contentPane.setLayout(null);

    JLabel lblNewLabel = new JLabel("Username: ");
    lblNewLabel.setBounds(60, 25, 68, 20);
    contentPane.add(lblNewLabel);

    JLabel lblPassword = new JLabel("Password: ");
    lblPassword.setBounds(60, 59, 68, 20);
    contentPane.add(lblPassword);

    textField = new JTextField();
    username = textField.getText();
    textField.setBounds(138, 22, 120, 26);
    contentPane.add(textField);
    textField.setColumns(10);

    passwordField = new JPasswordField();
    password = passwordField.getText();
    passwordField.setBounds(138, 56, 120, 26);
    contentPane.add(passwordField);

    JButton btnRegister = new JButton("Register");
    btnRegister.addActionListener(new ActionListener() {

        public void actionPerformed(ActionEvent arg0) {
            try{
                Class.forName("com.mysql.jdbc.Driver");
                con = DriverManager.getConnection("jdbc:mysql://localhost:3306/barrage", "root", "");
                st = con.prepareStatement(insertTableSQL);
                st.setString(1, username);
                st.setString(2, password);
                st.setString(3, email);
                st.executeUpdate();
            } catch(Exception e) {
                e.printStackTrace();
            }
        }

    });
    btnRegister.setBounds(119, 138, 89, 23);
    contentPane.add(btnRegister);

    JLabel lblEmail = new JLabel("E-mail: ");
    lblEmail.setBounds(60, 96, 68, 20);
    contentPane.add(lblEmail);

    textField_1 = new JTextField();
    email = textField_1.getText();
    textField_1.setBounds(138, 93, 120, 26);
    contentPane.add(textField_1);
    textField_1.setColumns(10);
}

}

1 个答案:

答案 0 :(得分:7)

不要这样做。这是一个名为SQL Injection的安全漏洞。而是使用带有变量绑定的PreparedStatement(例如:?)。 Here is a tutorial.

至于为什么它在数据库中是空白的(我认为你说的是​​这个),你将不得不证明这些变量的值在传统调试中不是空白的。 IMO,如果您的表设置了正确的约束(例如:not null),它甚至不会让您首先插入该无效状态。