插入sql unknown字段

时间:2015-02-07 14:15:27

标签: java mysql sql insert-into

我正在使用带有eclipse的mys和用于数据库的mysql。我有一个用于连接数据库并将变量写入数据库的类。这就是那个类:

package model;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class AddChannelDb {
    public void AddToDb(String channelName, int channelNo)
        throws ClassNotFoundException, SQLException {

    String myDriver = "com.mysql.jdbc.Driver";
    String db = "jdbc:mysql://localhost/digiturkschema";
    Class.forName(myDriver);
    Connection conn = DriverManager.getConnection(db, "root",
            "****");
    Statement st = conn.createStatement();
    st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES ("+ channelNo + "," + channelName + ")");
}
}

这两个变量(channelName和channelNo)是由用户在我的视图类中输入的,来自textfield的get方法。我得到这些变量没有问题,我控制它但不知何故我不能写入我的数据库例如,当我为channelName输入“showTv”而为channelNo输入“21”时,我收到如下错误:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'showTv' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1053)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4120)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4052)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2503)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2664)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2788)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1816)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1730)
at model.AddChannelDb.AddToDb(AddChannelDb.java:18)
at controller.DigiTurkController$addChannelBtnListener.actionPerformed(DigiTurkController.java:47)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$400(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)

我搜索网络真的很难,但我找不到任何东西。它看起来像一个简单的问题,但我无法解决它。谢谢你的时间和帮助。(顺便说一下,我确信表名和变量名称是正确的。)

2 个答案:

答案 0 :(得分:2)

改变这个:

 st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES ("+ channelNo + "," + channelName + ")");

要:

st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES (\'"+ channelNo + "\',\'" + channelName + "\')");

基本上,您缺少要插入的值的引号。

请注意:我建议您使用preparedStatement,在那里您不必处理引号,并且您的SQL将是安全的,并且不会受到SQL注入的攻击,因为它现在处于当前状态。

答案 1 :(得分:1)

您不应该使用conn.createStatement(),而是使用con.prepareStatement(),它会保护您免受SQLInjection的攻击。<​​/ p>

您的代码如下所示:

String sql = "INSERT INTO channelstable(channelNo,channelName) VALUES ( ? , ? )";
Statement st = conn.prepareStatement(sql);

st.setInt(1, channelNo);    
st.setString(2, channelName);
st.executeUpdate(sql);