这里我在将数据插入数据库时遇到错误。
在Oracle中或在该语句之后插入语句之前,我没有收到任何错误。
package com.socket;
import java.util.ArrayList;
import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.*;
import java.sql.*;
import oracle.jdbc.*;
public class Message implements Serializable {
private static final long serialVersionUID = 1L;
public String type, sender, content, recipient;
public Message(String type, String sender, String content, String recipient) {
this.type = type;
this.sender = sender;
this.content = content;
this.recipient = recipient;
}
@Override
public String toString() {
SimpleDateFormat sdf = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
Calendar cal = Calendar.getInstance();
String Current = sdf.format(cal.getTime());
String Content1 = content + Current;
Connection conn = null;
String driverName = "oracle.jdbc.OracleDriver";
String url = "jdbc:oracle:thin:@172.16.0.35:1521:orcl";
String username = "itn"; //SET USERNAME
String password = "itn"; //SET PASSWORD
try {
if (conn == null) {
Class.forName(driverName);
conn = DriverManager.getConnection(url, username, password);
String Query = "INSERT INTO ENTRIES (SERIALNO, TYPE, SENDER, CONTENT, TIMER, RECIPIENT, CREATEDON) VALUES ((Select max(SERIALNO)+1 from ENTRIES), '"
+ type + "', '" + sender + "', '" + content + "', TO_DATE('" + Current
+ "', 'DD/MM/YYYY HH24:MI:SS'), '" + recipient + "', TO_DATE('"
+ Current + "', 'DD/MM/YYYY HH24:MI:SS'))";
System.out.println(Query);
Statement st = conn.createStatement();
st.executeUpdate("Query");
st.close();
}
} catch (Throwable t) {
System.out.println("error in setRepositoryConnection : " + t);
//logger.log("Unable to set connection ", "Repository.java", "Repository", t, Logger.CRITICAL);
}
return "{type='" + type + "', sender='" + sender + "', contentx='" + Content1 + "', recipient='" + recipient + "'}";
}
}
答案 0 :(得分:4)
这部分毫无意义:
System.out.println(Query);
Statement st = conn.createStatement();
st.executeUpdate("Query");
您需要执行查询并使用您构建的SQL:
int result = st.executeUpdate(Query);
最好的方法是使用PreparedStatement,因为它使代码更易读,更容易理解,它提供了参数的编译时检查,并为SQL注入提供了保护:
PreparedStatement statement = conn.prepareStatement();
statement.setInt(1, intVariable);