我不知道为什么会出现这个错误...如果有人可以告诉我这里有什么错误:
com.mysql.jdbc.exception你的sql语法有错误;查看与您的MySQL服务器版本对应的手册,以获得正确的语法
mat_pay="maybe";
Class.forName("com.mysql.jdbc.Driver");
connec = DriverManager.getConnection("jdbc:mysql://localhost/babe","root","");
stmt = connec.prepareStatement("INSERT INTO ? VALUES ( , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? ) ");
stmt.setString(1,mat_pay);
stmt.setInt(2,septembre.var_m_p_g1); //septembre.var_m_p_g1 has a value 'integer'
stmt.setInt(3,id_g2); //septembre.var_m_p_g1 has a value 'integer'
stmt.setInt(4,0);
stmt.setInt(5,0);
stmt.setInt(6,0);
stmt.setInt(7,0);
stmt.setInt(8,0);
stmt.setInt(9,0);
stmt.setInt(10,0);
stmt.setInt(11,0);
stmt.setInt(12,0);
stmt.setInt(13,0);
stmt.executeUpdate();
答案 0 :(得分:1)
您无法用?占位符替换表名。该语句必须明确命名该表。如果你真的必须(SQL Injection易受攻击)这样做,你可以使用字符串格式化
// assuming mat_pay is the name of a variable containing the table name
String query = String.format("INSERT INTO %s VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", mat_pay);
stmt = connec.prepareStatement(query);
stmt.setInt(1,septembre.var_m_p_g1); //septembre.var_m_p_g1 has a value 'integer'
stmt.setInt(2,id_g2); //septembre.var_m_p_g1 has a value 'integer'
stmt.setInt(3,0);
stmt.setInt(4,0);
stmt.setInt(5,0);
stmt.setInt(6,0);
stmt.setInt(7,0);
stmt.setInt(8,0);
stmt.setInt(9,0);
stmt.setInt(10,0);
stmt.setInt(11,0);
stmt.setInt(12,0);
stmt.executeUpdate();
mat_pay中的值不应该是用户/客户输入的内容,而是完全由您控制,不受外部操纵。否则会让您对SQL注入攻击持开放态度。
请注意,您在值列表的开头还有一个额外的逗号。