为什么在Java插入值到mysql时获取null空varchar记录和0作为日期记录?

时间:2014-07-24 05:27:56

标签: java mysql

我尝试使用Java从e​​clipse到MySQL插入一个roll。我没有收到错误通知。但是,当我从表中选择记录时,我在varchar type列和日期类型列中的0000-00-00中得到了空记录。

以下是代码:

import java.sql.*;

public class Database {
    public static void main(String[] args){     
        try{
            String url = "jdbc:mysql://localhost/employees";
            String user = "DDD";
            String pwd = "123456";

            Class.forName("com.mysql.jdbc.Driver").newInstance();
            Connection conn = DriverManager.getConnection(url, user, pwd);
            Statement stmt = conn.createStatement();
            ResultSet rs = stmt.executeQuery("select * from employees");
            PreparedStatement ps = null;

            AddEmployees newAddEmployees = new AddEmployees("555-55-5555", "DDD", "LLL", "1990-1-1", "programmerEmployee", "DEVELOP");
            ps = conn.prepareStatement(newAddEmployees.Insert());
            ps.executeUpdate();

            while (rs.next()){
                String socialSecurityNumber = rs.getString("socialSecurityNumber");
                String firstName = rs.getString("firstName");
                String lastName = rs.getString("lastName");
                String birthday = rs.getString("birthday");
                String employeeType = rs.getString("employeeType");
            String departmentName = rs.getString("departmentName");
                System.out.println(socialSecurityNumber + ", " + firstName + ", " + lastName + ", " + birthday + ", " + employeeType + ", " + departmentName);
            }

            rs.close();
            conn.close();
       }
       catch(Exception ex){
            System.out.println("Error: " + ex.toString());
       }
    }
}

以下是AddEmployees类中的其他代码:

public class AddEmployees extends Employees{

public AddEmployees(String socialSecurityNumber, String firstName, String lastName, String birthday,
        String employeeType, String departmentName) {
    this.socialSecurityNumber = socialSecurityNumber;
    this.firstName = firstName;
    this.lastName = lastName;
    this.birthday = birthday;
    this.employeeType = employeeType;
    this.departmentName = departmentName;
}

@Override
public String Insert() {
    return SQLStatement = "insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName)"
            + "values (+socialSecurityNumber, +firstName, +lastName, +birthday, +employeeType, +departmentName)";
}

}

这是我在MySQL中得到的:

mysql> select * from employees;
    +----------------------+-----------+----------+------------+----------------------------+----------------+
    | socialSecurityNumber | firstName | lastName | birthday   | employeeType               | departmentName |
    +----------------------+-----------+----------+------------+----------------------------+----------------+
    |                      |           |          | 0000-00-00 |                            |                |
    | 111-11-1111          | John      | Smith    | 1945-01-02 | salariedEmployee           | R&D            |
    | 222-22-2222          | Sue       | Jones    | 1961-02-03 | commissionEmployee         | SALES          |
    | 333-33-3333          | Bob       | Lowis    | 1958-10-05 | basePlusCommissionEmployee | SALES          |
    | 444-44-4444          | Karen     | Price    | 1972-05-25 | hourlyEmployee             | HR             |
    +----------------------+-----------+----------+------------+-------------------

---------+----------------+
5 rows in set (0.02 sec)

1 个答案:

答案 0 :(得分:1)

您的Insert()方法返回文字字符串

insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName)
values (+socialSecurityNumber, +firstName, +lastName, +birthday, +employeeType, +departmentName)

您可能会插入参数而不是+socialSecurityNumber+firstName,... - 但您返回的只是一个静态字符串。由于您的值是表的有效列名,因此不会出现错误,并且将插入的内容是列的默认值。

你不应该尝试使用字符串替换来创建SQL查询,这只会导致代码中出现SQL注入漏洞。

这就是PreparedStatements are intended to be used

的方式 
PreparedStatement ps = conn.prepareStatement("insert into employees(socialSecurityNumber, firstName, lastName, birthday, employeeType, departmentName) "
    + "values (?, ?, ?, ?, ?, ?)");
ps.setInt(1, socialSecurityNumber);
ps.setString(2, firstName);
...
ps.executeUpdate();
相关问题
最新问题