我偶然发现了一个错误,我花了3个小时试图修复。 我正在尝试将我的服务器中的一些数据保存到我的webhost上的mysql数据库中。 我已经在我的远程sql中设置了我的vps ip。 但我陷入了一个mysql语法错误。 如果你能帮助我,我将非常感激, 提前谢谢!
我的控制台:
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your S
QL syntax; check the manual that corresponds to your MySQL server version for th
e right syntax to use near '' at line 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2941)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1623)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1715)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3243)
at com.mysql.jdbc.Statement.executeUpdate(Statement.java:1343)
at com.mysql.jdbc.Statement.executeUpdate(Statement.java:1260)
at org.dementhium.mysql.hiscores.query(hiscores.java:53)
at org.dementhium.mysql.hiscores.saveHighScore(hiscores.java:80)
我的java文件:
package org.dementhium.mysql;
import java.sql.SQLException;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import org.dementhium.model.player.Player;
import org.dementhium.model.player.Skills;
import org.dementhium.model.player.Skills;
import org.dementhium.mysql.DatabaseManager;
/**
*
* @author 'Mystic Flow <Steven@rune-server.org>
*/
@SuppressWarnings("unused")
public class hiscores extends Thread {
public static final String[] SKILLS = {"Attack", "Defence",
"Strength", "Constitution", "Ranged", "Prayer", "Magic", "Cooking",
"Woodcutting", "Fletching", "Fishing", "Firemaking", "Crafting",
"Smithing", "Mining", "Herblore", "Agility", "Thieving", "Slayer",
"Farming", "Runecrafting", "Hunter", "Construction", "Summoning",
"Dungeoneering"
};
public static Connection con = null;
public static Statement stmt;
public static boolean connectionMade;
public static void createConnection() {
try {
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection("jdbc:mysql://slash-scape.org/slash756_highsco","slash756_highsco","");
stmt = con.createStatement();
System.out.println("Highscores updated for ");
} catch (Exception e) {
e.printStackTrace();
}
}
public static ResultSet query(String s) throws SQLException {
try {
if (s.toLowerCase().startsWith("select")) {
ResultSet rs = stmt.executeQuery(s);
rs.updateRow();
return rs;
} else {
stmt.executeUpdate(s);
}
return null;
} catch (Exception e) {
destroyConnection();
createConnection();
e.printStackTrace();
System.out.println("Highscores updated for,hgjhkhkjhkj ");
}
return null;
}
public static void destroyConnection() {
try {
stmt.close();
con.close();
connectionMade = false;
} catch (Exception e) {
e.printStackTrace();
}
}
public static boolean saveHighScore(Player player) {
try {
//query("DELETE FROM `highscores` WHERE username = '"+player.getUsername()+"';");
//query("DELETE FROM `highscores` WHERE username = '"+player.getUsername()+"';");
System.out.println("Highscores updated for,hgjhkhkjhkj ");
query("INSERT INTO `highscores` (`username`,`attack_xp`,`defence_xp`,`strength_xp`,`hitpoints_xp`,`ranged_xp`,`prayer_xp`,`magic_xp`,`cooking_xp`,`woodcutting_xp`,`fletching_xp`,`fishing_xp`,`firemaking_xp`,`crafting_xp`,`smithing_xp`,`mining_xp`,`herblore_xp`,`agility_xp`,`thieving_xp`,`slayer_xp`,`farming_xp`,`runecraft_xp`,`hunter_xp`,`construction_xp`,`summoning_xp`,`dungeoneering_xp`,`overall_xp`,`rights`) VALUES ("+player.getUsername()+","+player.getSkills().getXp(0)+","+player.getSkills().getXp(1)+","+player.getSkills().getXp(2)+","+player.getSkills().getXp(3)+","+player.getSkills().getXp(4)+","+player.getSkills().getXp(5)+","+player.getSkills().getXp(6)+","+player.getSkills().getXp(7)+","+player.getSkills().getXp(8)+","+player.getSkills().getXp(9)+","+player.getSkills().getXp(10)+","+player.getSkills().getXp(11)+","+player.getSkills().getXp(12)+","+player.getSkills().getXp(13)+","+player.getSkills().getXp(14)+","+player.getSkills().getXp(15)+","+player.getSkills().getXp(16)+","+player.getSkills().getXp(17)+","+player.getSkills().getXp(18)+","+player.getSkills().getXp(19)+","+player.getSkills().getXp(20)+","+player.getSkills().getXp(21)+","+player.getSkills().getXp(22)+","+player.getSkills().getXp(23)+","+player.getSkills().getXp(24)+","+((player.getSkills().getXp(0)) + (player.getSkills().getXp(1)) + (player.getSkills().getXp(2)) + (player.getSkills().getXp(3)) + (player.getSkills().getXp(4)) + (player.getSkills().getXp(5)) + (player.getSkills().getXp(6)) + (player.getSkills().getXp(7)) + (player.getSkills().getXp(8)) + (player.getSkills().getXp(9)) + (player.getSkills().getXp(10)) + (player.getSkills().getXp(11)) + (player.getSkills().getXp(12)) + (player.getSkills().getXp(13)) + (player.getSkills().getXp(14)) + (player.getSkills().getXp(15)) + (player.getSkills().getXp(16)) + (player.getSkills().getXp(17)) + (player.getSkills().getXp(18)) + (player.getSkills().getXp(19)) + (player.getSkills().getXp(20)) + (player.getSkills().getXp(21)) + (player.getSkills().getXp(22)) + (player.getSkills().getXp(23)) + (player.getSkills().getXp(24)))+","+player.getRights()+";");
//query("INSERT INTO `skillsoverall` (`playerName`,`lvl`,`xp`, `prestige`) VALUES ('"+player.getUsername()+"',"+(player.getSkills().getLevel(0) + player.getSkills().getLevel(1) + player.getSkills().getLevel(2) + player.getSkills().getLevel(3) + player.getSkills().getLevel(4) + player.getSkills().getLevel(5) + player.getSkills().getLevel(24) + player.getSkills().getLevel(6) + player.getSkills().getLevel(7) + player.getSkills().getLevel(8) + player.getSkills().getLevel(9) + player.getSkills().getLevel(10) + player.getSkills().getLevel(11) + player.getSkills().getLevel(12) + player.getSkills().getLevel(13) + player.getSkills().getLevel(14) + player.getSkills().getLevel(15) + player.getSkills().getLevel(16) + player.getSkills().getLevel(17) + player.getSkills().getLevel(18) + player.getSkills().getLevel(19) + player.getSkills().getLevel(20) + player.getSkills().getLevel(21) + player.getSkills().getLevel(22) + player.getSkills().getLevel(23))+" ,"+((player.getSkills().getXp(0)) + (player.getSkills().getXp(1)) + (player.getSkills().getXp(2)) + (player.getSkills().getXp(3)) + (player.getSkills().getXp(4)) + (player.getSkills().getXp(5)) + (player.getSkills().getXp(6)) + (player.getSkills().getXp(7)) + (player.getSkills().getXp(8)) + (player.getSkills().getXp(9)) + (player.getSkills().getXp(10)) + (player.getSkills().getXp(11)) + (player.getSkills().getXp(12)) + (player.getSkills().getXp(13)) + (player.getSkills().getXp(14)) + (player.getSkills().getXp(15)) + (player.getSkills().getXp(16)) + (player.getSkills().getXp(17)) + (player.getSkills().getXp(18)) + (player.getSkills().getXp(19)) + (player.getSkills().getXp(20)) + (player.getSkills().getXp(21)) + (player.getSkills().getXp(22)) + (player.getSkills().getXp(23)) + (player.getSkills().getXp(24)))+";");
} catch (Exception e) {
e.printStackTrace();
return false;
}
return true;
}
}
我的MySQL数据库查询:
CREATE TABLE IF NOT EXISTS `highscores` (
`id` int(11) NOT NULL primary key AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`rights` int(1) NOT NULL DEFAULT '0',
`overall_xp` bigint(20) NOT NULL,
`attack_xp` int(11) NOT NULL,
`defence_xp` int(11) NOT NULL,
`strength_xp` int(11) NOT NULL,
`constitution_xp` int(11) NOT NULL,
`ranged_xp` int(11) NOT NULL,
`prayer_xp` int(11) NOT NULL,
`magic_xp` int(11) NOT NULL,
`cooking_xp` int(11) NOT NULL,
`woodcutting_xp` int(11) NOT NULL,
`fletching_xp` int(11) NOT NULL,
`fishing_xp` int(11) NOT NULL,
`firemaking_xp` int(11) NOT NULL,
`crafting_xp` int(11) NOT NULL,
`smithing_xp` int(11) NOT NULL,
`mining_xp` int(11) NOT NULL,
`herblore_xp` int(11) NOT NULL,
`agility_xp` int(11) NOT NULL,
`thieving_xp` int(11) NOT NULL,
`slayer_xp` int(11) NOT NULL,
`farming_xp` int(11) NOT NULL,
`runecrafting_xp` int(11) NOT NULL,
`hunter_xp` int(11) NOT NULL,
`construction_xp` int(11) NOT NULL,
`summoning_xp` int(11) NOT NULL,
`dungeoneering_xp` int(11) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
答案 0 :(得分:1)
我认为您通过不引用Strings错误地构建了查询。如果您的字符串中有其他引号,那么这只会变得复杂!
要解决此问题,请使用PreparedStatement。它不仅更简单,更安全,而且有助于防止SQL注入攻击。
基本示例:
final static String INSERT_QUERY = "INSERT INTO highscores (username,attack_xp,defence_xp) values(?,?,?)"; // Etc...
PreparedStatement ps = connection.prepareStatement(INSERT_QUERY);
ps.setString(1, player.getUsername());
ps.setInt(2, player.getAttackXp());
ps.setInt(3, player.getDefenseXp());
// etc.
ps.execute();
答案 1 :(得分:0)
您的查询不正确,其中一个错误是varchar应该包含'您没有这样做,也是凌乱且容易受到攻击所以请使用PreparedStatement代替