Question

我不知道为什么当使用MySQL的其余代码完美运行时，它不想合作，只是当我尝试设置字符串时。

MySQLManager类：

我确实改变了一个表来添加另一列：

try
{
    McInfected.getMySQLManager().execute("ALTER TABLE McInfected ADD Rank VARCHAR(20);");
}
catch (SQLException e)
{
}

然后我的RanksManager类（得到一个设置排名的那个）

http://pastebin.com/T0nRKkv7

任何帮助都会非常感激，因为我几乎准备好扔掉我的电脑......

我试着查看其他问题以获得答案，但我真的无法理解如何在我的实例中修复它，据我所知，它与访问类型有关，但是我不确定如何解决它...

这是错误

11:29:49 PM [WARNING] com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'Knight' in 'field list' 11:29:49 PM [WARNING] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 11:29:49 PM [WARNING] at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) 11:29:49 PM [WARNING] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) 11:29:49 PM [WARNING] at java.lang.reflect.Constructor.newInstance(Unknown Source) 11:29:49 PM [WARNING] at com.mysql.jdbc.Util.handleNewInstance(Util.java:407) 11:29:49 PM [WARNING] at com.mysql.jdbc.Util.getInstance(Util.java:382) 11:29:50 PM [WARNING] at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052) 11:29:50 PM [WARNING] at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3593) 11:29:50 PM [WARNING] at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3525) 11:29:50 PM [WARNING] at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1986) 11:29:50 PM [WARNING] at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2140) 11:29:50 PM [WARNING] at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2620) 11:29:50 PM [WARNING] at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2570) 11:29:50 PM [WARNING] at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:779) 11:29:50 PM [WARNING] at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:622) 11:29:50 PM [WARNING] at com.bimmr.mcinfected.MySQL.MySQLManager.updateString(MySQLManager.java:338) 11:29:50 PM [WARNING] at me.bimmr.mcinfectedranks.Ranks.RankManager.setPlayersRank(RankManager.java:173)

Answer 1

在MySqlManager.updateString value中没有引用，也没有被转义。

this.statement.execute("UPDATE " + tableName
    + " SET " + columnName + "=" + value
    + " WHERE UUID ='" +

应该是：

this.statement.execute("UPDATE " + tableName
    + " SET " + columnName + "='" + value.replaceAll("'", "\\\\'")
    + "' WHERE UUID ='" +

更好的是：使用PreparedStatement进行转义和安全防范SQL注入。

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException：未知列＆＃39; Knight＆＃39;在＆＃39;字段列表＆＃39;

1 个答案: