我在实体对象部门生成这个类,我创建了名为departments_log的日志表(department_id号,entry_user号, entry_date date)当方法尝试将已删除的记录输入此表时,会出现此错误:
(不一致的数据类型:预期DATE得到NUMBER)
这是do_dml方法代码:
if (operation == DML_DELETE) {
FacesContext context = FacesContext.getCurrentInstance();
UserInfo user =
(UserInfo)context.getExternalContext().getSessionMap().get("userInfo");
Number deptID = new Number(getDepartmentId());
Date entryDate = new Date(Date.getCurrentDate());
Number entryUser = new Number(user.getEmployeeId());
String sql =
"insert into departments_log (DEPARTMENT_ID,entry_user,entry_date) values (" +
deptID + "," + entryUser + "," +
entryDate + ")";
PreparedStatement stm =
getDBTransaction().createPreparedStatement(sql, 1);
try {
stm.executeUpdate(sql);
} catch (SQLException f) {
System.out.println("delete errore"+f.getMessage()+Date.getCurrentDate());
}
}
答案 0 :(得分:2)
问题是您没有正确传递数据:您正在内联值(which is a major security risk in itself),而不是通过查询参数传递它们。
以下是解决问题的方法:
String sql = "insert into departments_log (DEPARTMENT_ID,entry_user,entry_date) values (?,?,?)";
PreparedStatement stm = getDBTransaction().createPreparedStatement(sql, 1);
stm.setInt(1, deptID);
stm.setString(2, entryUser.longValue());
stm.setDate(entryDate);
以上只是实现的框架。您需要添加null日期检查和Numbers,并进行其他修改以提高稳健性。
Link to a tutorial on using parameteriszed prepared statements.