如何从Java中的txt文件中读取sql查询

时间:2014-02-14 17:32:38

标签: java sql sql-server oracle bufferedreader

我有一些正在向数据库发送查询的类。当查询在代码中时,一切都运行正常,但由于它非常大,我决定把它放在一个文件中并用缓冲读取器读取它,但它不起作用,我总是得到这个:

  

java.sql.SQLException:ORA-00900:无效的SQL语句

这是我的问题:

SELECT 
             p.first_name           \"FirstName\",  
             p.middle_name          \"MiddleName\",  
             p.last_name            \"LastName\", 
             p.birth_name           \"BirthName\",
             p.mothers_name         \"MothersName\",
             p.nick_name            \"NickName\",
             p.username             \"Username\",
             p.currency_id          \"Currency\",
             p.preferred_language_id    \"PreferredLanguage\",
             p.accepts_email        \"AcceptsEmail\",
             p.birth_date           \"BirthDate\",
             p.hear_about_us        \"HeardAboutUs\",
             p.tax_category_id      \"TaxCategory\",
             p.birth_place          \"BirthPlace\",
             p.accepts_id_verification      \"AcceptsIdentityVerification\",
             p.security_prompt      \"SecurityPrompt\",
             p.gender_id            \"Gender\",
             p.tracking_campaign_name   \"TrackingCampaign\", 
             p.accepts_sms          \"AcceptsSMS\",
             p.accepts_promotional_sms  \"AcceptsPromotionalSMS\", 
             p.identification_number    \"IdentificationNumber\", 
             p.id_verified_id       \"IdentificationVerified\", 
             p.security_word        \"SecurityWord\", 
             p.ident_manual_verified_until  \"IdentificationManualVerified\",
             p.accepts_chat         \"AcceptsChat\", 
             p.frequent_player_level_id     \"FrequentPlayerLevel\", 
             p.preferred_comm_channel   \"PreferredCommunicationChannel\", 
             p.is_reward_abuser         \"IsRewardAbuser\", 
             p.newsletter_id        \"Newsletter\", 
             p.accepts_rewards      \"AcceptsRewards\", 
             ci.postal_code         \"PostalCode\", 
             ci.country_id          \"Country\", 
             ci.region          \"Region\", 
             ci.email           \"Email\",
             ci.address1            \"Address1\", 
             ci.address2            \"Address2\", 
             ci.address3            \"Address3\", 
             ci.phone1          \"Phone1\",
             ci.phone2          \"Phone2\",
             ci.city            \"City\", 
             ci.mobile_phone        \"MobilePhone\", 
             ci.address_state_id        \"AddressVerified\" 

     FROM 
             player p 
             JOIN contact_info ci     ON p.CONTACT_INFO_ID = ci.CONTACT_INFO_ID 
             JOIN player_session ps  ON p.PLAYER_ID = ps.PLAYER_ID 
     WHERE 
             ps.external_client_session_id = \'$sessionID\'

以下是我正在使用的代码:

String query = "";
    try{
        BufferedReader bufferedReader = new BufferedReader(
                                        new FileReader("templates\\sqlQueries\\GetPlayerDetails.txt")
                                                            );
        while(bufferedReader.readLine()!=null){
             query = new StringBuilder().append(query).append(bufferedReader.readLine()).toString();
        }
    }
    catch (FileNotFoundException e){
        e.printStackTrace();
    }
    catch (IOException e){
        e.printStackTrace();
    }
    query = query.replace("$sessionID", sessionID);

1 个答案:

答案 0 :(得分:8)

您只需要在Java字符串文字中转义双引号。如果您正在从文件中读取SQL查询,那么Java对于文件中未转义的双引号没有任何问题。

取出文件中双引号的所有转义符,它应该可以正常工作。

p.first_name           "FirstName",

另外,在StringBuilder循环之前创建while,这样每次都不会重新开始,并且每次迭代都不会读取两行:

StringBuilder sb = new StringBuilder();
String line;
while ((line = bufferedReader.readLine()) != null)
{
    sb.append(line);
}
query = sb.toString();

此外,不是在末尾替换会话ID值的单引号(这将起作用),而是使用? JDBC占位符,并使用PreparedStatement绑定会话ID之前你执行查询。这将阻止可能的SQL注入尝试,例如如果sessionID是字符串:

Robert'); DROP TABLE players; --
相关问题
最新问题