我被卡住了我无法从JDBC将数据插入MySQL数据库

时间:2015-12-23 09:08:08

标签: java mysql jdbc mysql-workbench

我想做简单的注册表单,但是我不能继续前进,我已经尝试了所有内容但它仍然无效这是我的代码:

protected void doPost(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException
    {
        StringBuilder builder= new StringBuilder();
        Reader reader=request.getReader();
        int c;
        while ((c=reader.read())!=-1)
        {
            builder.append((char) c);
        }
        String signup=builder.toString();
        try {
            JSONObject object= new JSONObject(signup);
            String name=object.getString("username");
            String email=object.getString("email");
            String pass=object.getString("pass");
            String sql="INSERT INTO user_f VALUES("+email+","+name+","+pass+")"+";";

            statement.executeUpdate(sql);
            //ResultSet set= statement.executeQuery("SELECT ")

        } catch (JSONException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }

我的错误堆栈我编辑了很多次代码而且我对这个错误感到沮丧:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com,dsf,sdfsd)' at line 1
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
    at com.mysql.jdbc.Util.getInstance(Util.java:387)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547)
    at com.mysql.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1541)
    at com.mysql.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2605)
    at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1469)
    at com.herda.app.Servlet.doPost(Servlet.java:56)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

3 个答案:

答案 0 :(得分:2)

您的MySQL查询没有错误所说的有效语法。你需要围绕字符串文字的引号。尝试这样的事情:

if(isset($row['video']) && $row['video']!=""){ //if its not NULL
  $content .= ''.$row['content'].'<br><br><iframe type="text/html" width="100%" height="390" src="'.$row['video'].'" frameborder="0"/>';
}else{
  $content .= ''.$row['content'].'';
}

但是,请注意此代码对SQL注入是开放的!要解决此安全问题,可以使用预准备语句。这也解决了你的报价问题。

答案 1 :(得分:1)

你应该测试你的sql查询拳头。在MySql Workbench上执行它

我认为应该是

String sql="INSERT INTO user_f VALUES('"+email+"','"+name+"','"+pass+"')"+";";

答案 2 :(得分:1)

问题是你缺少值的引号,但你应该从不通过将值连接到查询字符串来构造这样的查询。它会打开您的SQL注入代码(例如,当您插入用户输入时),这是一个非常大的安全风险。相反,您应该使用带参数占位符的预准备语句。这将处理转义值,因此SQL注入不会成为问题。

某些数据库系统上的预备语句也具有导致更好性能的附加值,因为该语句可以重复使用。

举个例子:

try (PreparedStatement pstmt = connection.prepareStatement(
           "INSERT INTO user_f(email,name,pass) VALUES(?,?,?)")) {
    pstmt.setString(1, email);
    pstmt.setString(2, name);
    pstmt.setString(3, pass);
    pstmt.executeUpdate();
}

在这个答案中,我还明确列出了您要插入的列,这使您的代码更具未来性(例如,当您添加或删除列时)。

相关问题
最新问题