这是我的代码人员,我做错了什么(我被迫使用常规语句而不是PreparedStatement类,以便我可以使用mySQL的AES_ENCRYPT / DECRYPT方法):
DDL
s.executeUpdate("CREATE TABLE login ("+"user_Name CHAR(50) NOT NULL,"+"PRIMARY KEY(user_Name),"+"pass_Word CHAR(50)NOT NULL, cust_ID CHAR(10))");
DML
public static void insertLoginData(String user_Name, String pass_Word, String cust_ID)throws IOException, SQLException, NoSuchAlgorithmException, InvalidKeyException
{
. . .
String insert="INSERT INTO login(user_Name, pass_Word, cust_ID)"
+ " VALUES("+user_Name+",AES_ENCRYPT('text',"+pass_Word+"),"+cust_ID+")";
s.executeUpdate(insert);
答案 0 :(得分:2)
您可能需要围绕列值的单引号,如下所示:
String insert="INSERT INTO login(user_Name, pass_Word, cust_ID)"
+ " VALUES('"+user_Name+"',AES_ENCRYPT('text','"+pass_Word+"'),'"+cust_ID+"')";
旁注:有人最终会指出此代码受SQL注入攻击。