我正在尝试将timestamp插入我的数据库但我不断获得java.sql.SQLSyntaxErrorException:
这是我的代码
java.sql.Timestamp sqlDate = new java.sql.Timestamp(new java.util.Date().getTime());
System.out.println(sqlDate);
这里插入和连接到DB
Connection conn = DriverManager.getConnection("jdbc:derby://localhost:1598/VotingDB", "app", "app");
Statement st = conn.createStatement();
String sql = "INSERT INTO VOTES (CANDIDATE_NAME,VOTER_SSN,TIMESTAMP) "
+ "VALUES ('" + Candidate_Name + "','" + ssn + "'," + TimeStamp + ")";
st.executeUpdate(sql);
st.close();
conn.close();
} catch (SQLException ex) {
System.out.println("Connection failed adding vote " + ex);
}
错误
2017-04-09 20:10:02.825连接失败,添加投票 java.sql.SQLSyntaxErrorException:语法错误:遇到“20” 第1行,第94栏。
答案 0 :(得分:2)
你应该把时间安排在''之间:
"VALUES ('" + Candidate_Name + "','" + ssn + "', ' " + TimeStamp + "')";
但这不够安全,你必须使用PreparedStatement来避免任何SQL注入。
例如:
String sql = "INSERT INTO VOTES (CANDIDATE_NAME, VOTER_SSN, TIMESTAMP) VALUES (?, ?, ?)";
try (PreparedStatement stm = connection.prepareStatement(sql)) {
stm.setString(1, Candidate_Name );
stm.setString(2, ssn );
stm.setDate(3, TimeStamp);
stm.executeUpdate();
}
答案 1 :(得分:1)
你不应该用简单的引号括起TimeStamp变量吗?
String sql = "INSERT INTO VOTES (CANDIDATE_NAME,VOTER_SSN,TIMESTAMP) "
+ "VALUES ('"+Candidate_Name +"','"+ssn +"','"+TimeStamp+"')";