错误:java.sql.SQLSyntaxErrorException:您的SQL语法有错误。

时间:2019-11-14 17:05:56

标签: java mysql sql sql-server rest

我已经阅读了许多类似的问题,但是没有解决方案对我有用。

我正在使用jersey for CRUD编写RESTful API,因此我需要实现SQL语句来执行事务。但是对于每笔交易,都发生了同样的错误,该程序说我的SQL语法错误。

我搜索了许多解决方案,但没有人为我工作,并且我的SQL代码没有发现任何错误

(其他3个操作(包括创建,删除和更新显示熟悉的错误)

以下是我的Java代码供阅读:

  public HotelBean read(int hotelId, int roomId) {
    List<RoomBean> lBean = new ArrayList<RoomBean>();
    try {
      Connection conn = DBFactory.connectDB().getConn();
      Statement statement = conn.createStatement();
      ResultSet rs = statement.executeQuery("SELECT T1.HOTEL_ID, HOTEL_NAME, ROOM_ID, ROOM_NAME, OCCUPANCY, VACANCY, TOTAL_ROOM FROM HPMSDB.ROOM_INFO T1 INNER JOIN HPMSDB.HOTEL_INFO T2 ON T1.HOTEL_ID=T2.HOTEL_ID" + " WHERE T2.HOTEL_ID =" + hotelId + "AND T2.ROOM_ID="+ roomId);
      while (rs.next()) {
        RoomBean roomBean = new RoomBean();
        roomBean.setHotelId(rs.getInt(1));
        roomBean.setHotelName(rs.getString(2));
        roomBean.setRoomId(rs.getInt(3));
        roomBean.setRoomName(rs.getString(4));
        roomBean.setOccupancy(rs.getInt(5));
        roomBean.setVancancy(rs.getInt(6));
        roomBean.setTotalRoom(rs.getInt(7));
        lBean.add(roomBean);
      }
      conn.close();
    } catch (Exception ex) {
      ex.printStackTrace();
    }
    HotelBean hotelBean = new HotelBean();
    hotelBean.setRoomBean(lBean);
    return hotelBean;
  }

以下是我的数据库:

CREATE DATABASE HPMSDB DEFAULT CHARACTER SET UTF8
DEFAULT COLLATE UTF8_GENERAL_CI;

DROP TABLE IF EXISTS HPMSDB.HOTEL_INFO;
CREATE TABLE HPMSDB.HOTEL_INFO (
HOTEL_ID INT NOT NULL,
HOTEL_NAME VARCHAR(64),
RESORT_MANAGE VARCHAR(64),
PRIMARY KEY(HOTEL_ID)
);
DROP TABLE IF EXISTS HPMSDB.ROOM_INFO;
CREATE TABLE HPMSDB.ROOM_INFO (
HOTEL_ID INT NOT NULL,
ROOM_ID INT NOT NULL,
ROOM_NAME VARCHAR(64) NOT NULL,
OCCUPANCY INT,
VACANCY INT,
TOTAL_ROOM INT,
PRIMARY KEY(HOTEL_ID, ROOM_ID)
);

以下是读取错误消息:

java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'T2.ROOM_ID=2' at line 1

以下是创建错误消息:

java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE HOTEL_ID =2 AND ROOM_ID=1' at line 1

我对于所有创建,更新,读取和删除都显示相同错误的地方感到非常困惑。

感谢您的时间,祝您有愉快的一天!

1 个答案:

答案 0 :(得分:4)

问题是双重的。

一个是字符串中AND关键字之前没有空格:

SELECT T1.HOTEL_ID, HOTEL_NAME, ROOM_ID, ROOM_NAME, OCCUPANCY, VACANCY, TOTAL_ROOM 
FROM HPMSDB.ROOM_INFO T1 INNER JOIN HPMSDB.HOTEL_INFO T2 
ON T1.HOTEL_ID=T2.HOTEL_ID" + " WHERE T2.HOTEL_ID =" + hotelId + "AND T2.ROOM_ID="+ roomId

会变成:

SELECT T1.HOTEL_ID, HOTEL_NAME, ROOM_ID, ROOM_NAME, OCCUPANCY, VACANCY, TOTAL_ROOM 
FROM HPMSDB.ROOM_INFO T1 INNER JOIN HPMSDB.HOTEL_INFO T2 
ON T1.HOTEL_ID=T2.HOTEL_ID WHERE T2.HOTEL_ID =1234AND T2.ROOM_ID=9999
                                              ^^^^^^^
                                              LOOK!

但是更大的问题是您使用字符串concat将值放入SQL中。这是上线时被黑客入侵的绝佳方式

请使用parameterized queries

上面链接的网站提供了有关使用PreparedStatement的建议。请记住,如果遇到“我想使用参数,但我只是通过字符串concat来构建此SQL;没有其他方法”的情况,请记住-没有什么可以阻止您串联一个参数,然后用值填充参数;始终避免将连接到SQL中

假设您有两个数组:

columns[0] = "hotelid";
values[0] = "RoyalPalace";
columns[1] = "roomnum";
values[1] = "99";

您可能认为您必须像这样制作sql:

string sql = "select * from hotels where 1=1 ";
for(int i=0; i<columns.length; i++){
  sql = sql + " AND " + columns[i] + " = " + values[i]; // no no; do not concat values in!
}

输入Concat参数,然后进行设置(Hibernate语法):

string sql = "select * from hotels where 1=1 ";
for(int i=0; i<columns.length; i++){
  sql = sql + " AND " + columns[i] + " = :p" + i; // yes, concat a parameter named pX in!
}
Query query = session.createQuery(sql);

for(int i=0; i<columns.length; i++){
  query.setString(":p"+i, values[i]); // give the parameters a value
}

这是我所知的一个me脚的例子。但是,以防万一您发现自己需要结合价值的情况-永远不会做

相关问题
最新问题