我可以使用以下方法在Netbeans中正常连接:
Connection conn = null;
try{
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/librarymangementsystem","root","root");
if(conn!= null)
{
System.out.println("connected");
}
}catch(Exception e)
{
System.out.println("not connected");
}
}
但是当谈到向列中添加数据时,我只是不能。
try{
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/librarymangementsystem","root","root");
Statement stmt=conn.createStatement();
String Query = "INSERT into librarian_details(username, name, email, password) VALUES("+ uname +", "+ fname +", " + emails + ", " + psword +")";
stmt.executeUpdate(Query);
JOptionPane.showMessageDialog(null, "Success!");
}
有谁知道这个问题? 更新的问题:
String Query =“insert into book_details(Book_Name,ISBN,Author,Category,> Quantity,BookShelfNo,Row,Column)VALUES('”bookname +“','”+ ISBN +“','”+ > AuthorName +“','”+ Category +“','”+ Quantity +“','”+?BookShelfNo +“','”> + Row +“','”+ Column +“') “;
我似乎无法使用以下方法向Row和Column插入任何数据:
String Row = jTextField9.getText(); String Column = jTextField10.getText(); 行和列数据类型为int。
答案 0 :(得分:2)
我猜用户名,姓名,电子邮件和密码字段是字符串类型,并且在创建librarian_details的用户名,名称,电子邮件和密码列时使用的数据类型是 Varchar 。
如果是这样,那么您需要将查询字符串更新为以下代码:
String Query = "INSERT into librarian_details(username, name, email, password)
VALUES('"+ uname +"','"+ fname +"','" + emails + "','" + psword +"')";
如果输入字符串有撇号(')字符,则需要添加一个额外的撇号(')字符作为转义序列。
例如:您的密码是abc' aa
String uname = "abc";
String fname = "xyz";
String emails = "abc@xyz.com";
String psword = "abc''aa";//extra apostrophe (') character added
String Query = "INSERT into librarian_details(username, name, email, password) VALUES('"+ uname+ "','"+ fname+ "','"+ emails+ "','"+ psword+ "')";
注意:在现有(')字符中添加额外的撇号(')与双引号不同。
以下代码适用于您的更新查询
String bookname ="abc";
String ISBN="qwerty123";
String AuthorName="user3213";
String Category="New";
String Quantity="1";
String BookShelfNo="5";
int Row=1;
int Column=5;
String Query = "insert into book_details(Book_Name, ISBN, Author, Category, Quantity, BookShelfNo,`Row`,`Column`) VALUES('" +bookname + "','" + ISBN + "','" + AuthorName + "','" + Category + "','" + Quantity + "','" + BookShelfNo +"', " + Row + ", " + Column + ")";
stmt.execute(Query);
注意:您正在使用像Row和Column这样的sql保留关键字。 我猜你在DB中的列名是Book_Name,ISBN,Author,Category,Quantity,BookShelfNo,Row和Column。
建议:
下面的代码描述了为您的查询使用预准备语句。
//query parameters will be dynamically set
String Query = "INSERT INTO book_details VALUES (?,?,?,?,?,?,?,?)";
//create a Prepared statement using connection object.
PreparedStatement pstmt = con.prepareStatement(Query);
//assign the query parameter values
pstmt.setString(1, bookname);
pstmt.setString(2, ISBN);
pstmt.setString(3, AuthorName);
pstmt.setString(4, Category);
pstmt.setString(5, Quantity);
pstmt.setString(6, BookShelfNo);
pstmt.setInt(7, Row);
pstmt.setInt(8, Column);
//display query string generated by PreparedStatement.
System.out.println("Query: "+pstmt.toString());
//Display result; result=1 means success.
int result = pstmt.executeUpdate();
System.out.println("result: "+result);
答案 1 :(得分:0)
转义文本值甚至更好 - 使用预准备语句。
String Query = "INSERT into librarian_details(username, name, email, password)
VALUES('"+ uname +"', '"+ fname +"', '" + emails + "', '" + psword +"')";
准备好的陈述:
String Query = "INSERT into librarian_details(username, name, email, password)
VALUES(?, ?, ?, ?)";
答案 2 :(得分:0)
将值连接到查询中是不安全的,它会打开SQL注入。您需要使用预准备语句:
try (PreparedStatement pstmt = connection.prepareStatement(
"INSERT into librarian_details(username, name, email, password) "
+ "VALUES(?, ?, ?, ?)")) {
pstmt.setString(1, uname);
pstmt.setString(2, fname);
pstmt.setString(3, emails);
pstmt.setString(4, psword);
pstmt.executeUpdate();
}