我正在使用带有eclipse的mys和用于数据库的mysql。我有一个用于连接数据库并将变量写入数据库的类。这就是那个类:
package model;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
public class AddChannelDb {
public void AddToDb(String channelName, int channelNo)
throws ClassNotFoundException, SQLException {
String myDriver = "com.mysql.jdbc.Driver";
String db = "jdbc:mysql://localhost/digiturkschema";
Class.forName(myDriver);
Connection conn = DriverManager.getConnection(db, "root",
"****");
Statement st = conn.createStatement();
st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES ("+ channelNo + "," + channelName + ")");
}
}
这两个变量(channelName和channelNo)是由用户在我的视图类中输入的,来自textfield的get方法。我得到这些变量没有问题,我控制它但不知何故我不能写入我的数据库例如,当我为channelName输入“showTv”而为channelNo输入“21”时,我收到如下错误:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'showTv' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1053)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4120)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4052)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2503)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2664)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2788)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1816)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1730)
at model.AddChannelDb.AddToDb(AddChannelDb.java:18)
at controller.DigiTurkController$addChannelBtnListener.actionPerformed(DigiTurkController.java:47)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$400(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
我搜索网络真的很难,但我找不到任何东西。它看起来像一个简单的问题,但我无法解决它。谢谢你的时间和帮助。(顺便说一下,我确信表名和变量名称是正确的。)
答案 0 :(得分:2)
改变这个:
st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES ("+ channelNo + "," + channelName + ")");
要:
st.executeUpdate("INSERT INTO channelstable(channelNo,channelName) VALUES (\'"+ channelNo + "\',\'" + channelName + "\')");
基本上,您缺少要插入的值的引号。
请注意:我建议您使用preparedStatement,在那里您不必处理引号,并且您的SQL将是安全的,并且不会受到SQL注入的攻击,因为它现在处于当前状态。
答案 1 :(得分:1)
您不应该使用conn.createStatement()
,而是使用con.prepareStatement()
,它会保护您免受SQLInjection的攻击。</ p>
您的代码如下所示:
String sql = "INSERT INTO channelstable(channelNo,channelName) VALUES ( ? , ? )";
Statement st = conn.prepareStatement(sql);
st.setInt(1, channelNo);
st.setString(2, channelName);
st.executeUpdate(sql);