我的代码工作正常它正在保存数据但是当我插入两个字段即日期和出生日期时它显示错误:在我的数据库中插入到语句中的syntex错误我已将此两个字段作为数字我的代码是:
private void saveREGISTRATION1(java.awt.event.ActionEvent evt) {
int len2;
String temp2;
int len1;
int len;
String temp,temp1;
int regno= Integer.parseInt(cbregn.getSelectedItem().toString());
if(cbregn.getSelectedItem().toString().equals("")){
JOptionPane.showMessageDialog(null," SELECT THE REGISTRATION NO ");
return;
}
// int date=Integer.parseInt(tdate.getText());
// if(tdate.getText().equals("")){
// JOptionPane.showMessageDialog(null," ENTER THE DATE ");
// return;
// }
String nm= cbnm.getSelectedItem().toString();
if(nm.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE NAME ");
return;
}
String place=tfplace.getText();
if(place.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE NATIVE PLACE ");
return;
}
String kul=tfkul.getText();
if(kul.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE NAME OF KUL ");
return;
}
String gotra=tfgotra.getText();
if(gotra.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE GOTRA NAME ");
return;
}
String kswami=tfswami.getText();
if(kswami.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE KULSWAMI NAME ");
return;
}
String raddr=taraddr.getText();
if(raddr.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE RESIDENSIAL ADDRESS ");
return;
}
int pincode=Integer.parseInt(tfpcd.getText());
// if(tfpcd.getText().equals(""))
// JOptionPane.showMessageDialog(null," ENTER THE PINCODE ");
// String pincode= tfpcd.getText();
// if(pincode.equals(""))
// JOptionPane.showMessageDialog(null," ENTER THE PINCODE ");
temp1=tfpcd.getText();
if(temp1.equals("")) {
JOptionPane.showMessageDialog(null," ENTER THE PIN CODE ");
return;
}
len1 = temp1.length();
if(len1!=7) {
JOptionPane.showMessageDialog(null,"Enter The 7 Digit Pin Code","Error",JOptionPane.ERROR_MESSAGE);
}
int stdcd=Integer.parseInt(tfstdcode.getText());
if(tfstdcode.getText().equals("")){
JOptionPane.showMessageDialog(null," ENTER THE STD CODE ");
return;
}
int tele=Integer.parseInt(tftele.getText());
// if(tftele.getText().equals(""))
// JOptionPane.showMessageDialog(null," ENTER THE TELEPHONE NO ");
temp2=tftele.getText();
if(temp2.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE TELEPHONE NO ");
return;
}
len2 = temp2.length();
if(len2!=7)
JOptionPane.showMessageDialog(null,"Enter The 7 Digit Telephone No","Error",JOptionPane.ERROR_MESSAGE);
int mno=Integer.parseInt(tfmno.getText());
if(tfmno.getText().equals("")){
JOptionPane.showMessageDialog(null," ENTER THE MOBILE NO ");
return;
}
temp=tfmno.getText();
if(temp.equals("")) {
JOptionPane.showMessageDialog(null," ENTER THE MOBILE NO ");
return;
}
len = temp.length();
if(len!=10) {
JOptionPane.showMessageDialog(null,"Enter The 10 Digit Mobile No","Error",JOptionPane.ERROR_MESSAGE);
}
String email=tfemail.getText();
if(email.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE EMAIL");
return;
}
if(email.equals("")) {
tfemail.setText("-");
} else // check if it is a valid email-id
{
//for(int cnt=0;cnt<temp.length();cnt++)
//{
int ind = email.indexOf("@");
if (ind != -1) { } else {
JOptionPane.showMessageDialog(null,"Invalid Email Id","Error",JOptionPane.ERROR_MESSAGE);
tfemail.setText("");
tfemail.requestFocus();
return;
}
//}
}
String website=tfweb.getText();
if(website.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE WEBSITE ");
return;
}
if(website.equals("")) {
tfweb.setText("-");
//return;
} else // check if it is a valid email-id
{
//for(int cnt=0;cnt<temp.length();cnt++)
//{
int ind = website.indexOf("www");
if (ind != -1) { } else {
JOptionPane.showMessageDialog(null,"Invalid Website","Error",JOptionPane.ERROR_MESSAGE);
tfweb.setText("");
tfweb.requestFocus();
return;
}
//}
}
String education=tfedu.getText();
if(education.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE EDUCATION DETAILS");
return;
}
String branch=tfbrch.getText();
if(branch.equals("")){
JOptionPane.showMessageDialog(null," ENTER THE BRANCH NAME ");
return;
}
// int brthdt=Integer.parseInt(tfbdt.getText());
// if(tfbdt.getText().equals("")){
// JOptionPane.showMessageDialog(null," SELECT THE BIRTH DATE");
// return;
// }
String bloodgroup=(String)cbbldgrp.getSelectedItem();
if(bloodgroup.equals("")){
JOptionPane.showMessageDialog(null," SELECT THE BLOODGROUP");
return;
}
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:wanisamajDB");
Statement stmt=con.createStatement();
String qry= "INSERT INTO Registration1(RegistrationNo,SeniorPerson,NativePlace,Kul,Gotra,KulSwami,ResidensialAddress,PinCode,STDcode,TelephoneNo,MobileNo,Email,Website,Education,Branch,BloodGroup) VALUES('"+regno+"','"+nm+"','"+place+"','"+kul+"','"+gotra+"','"+kswami+"','"+raddr+"','"+pincode+"','"+stdcd+"','"+tele+"','"+mno+"','"+email+"','"+website+"','"+education+"','"+branch+"','"+bloodgroup+"')";
//String qry= "INSERT INTO Registration1(RegistrationNo,SeniorPerson,NativePlace,Kul,Gotra,KulSwami,ResidensialAddress,PinCode,STDcode,TelephoneNo,MobileNo,Email,Website,Education,Branch,BloodGroup,Date,BirthDate) VALUES('"+regno+"','"+nm+"','"+place+"','"+kul+"','"+gotra+"','"+kswami+"','"+raddr+"','"+pincode+"','"+stdcd+"','"+tele+"','"+mno+"','"+email+"','"+website+"','"+education+"','"+branch+"','"+bloodgroup+"','"+date+"','"+brthdt+"')";
stmt.executeUpdate(qry);
JOptionPane.showMessageDialog(null,"RECORD IS SAVED SUCCESSFULLY ");
con.close();
}
catch(SQLException eM) {
System.out.println(" "+eM);
JOptionPane.showMessageDialog(null,"RECORD IS NOT SAVED");
}
catch(Exception et)
{
System.out.println("error:"+et.getMessage());
}
}
答案 0 :(得分:3)
我怀疑由于您尝试插入的值,SQL可能无效。
不要将值直接放在SQL语句中。这是SQL注入攻击的一个秘诀。
使用预准备语句,参数化所有值并在代码中设置参数值。
有关防止SQL注入攻击的更多信息,请参阅Bobby Tables网站,包括示例代码。
如果这没有用,你应该真的: