Question

我得到以下异常，

java.sql.SQLSyntaxErrorException: Syntax error: Encountered "80" at line 1, column 1100.

当我尝试插入如下内容时！知道这可能是什么意思??！

String insertString = "insert into queries (data_id, query, "
                + "query_name, query_file_name, status) values(" + currentDataID + ", '"
                + params[1] + "', '" + params[2] + "', '" 
                + params[3] + "', '" + params[4] + "')";
try {
     Statement stmt = dbconn.createStatement();
     stmt.execute(insertString, Statement.RETURN_GENERATED_KEYS);
     ResultSet rs = stmt.getGeneratedKeys(); 

     if (rs != null && rs.next()){     
           currentDataID = (int) rs.getLong(1); 
     } 
} catch (SQLException ex) {
}

表定义，

CREATE TABLE queries (query_id INT not null primary key GENERATED "
                + "ALWAYS AS IDENTITY (START WITH 1, INCREMENT BY 1), data_id "
                + "INTEGER not null, foreign key (data_id) references data "
                + "(data_id), query LONG VARCHAR, query_name VARCHAR(150), "
                + "query_file_name VARCHAR(150),status VARCHAR(20))

Answer 1

使用prepared statement：

尝试此方法

String insert = "INSERT INTO queries (data_id, query, query_name," +
        " query_file_name, status) VALUES (?,?,?,?,?)";

PreparedStatement stmt = dbconn.prepareStatement(insert, Statement.RETURN_GENERATED_KEYS);
// Why do you set this if you want the DB to generate it?
stmt.setInt(1, currentDataID); // or setLong() depending on data type
stmt.setString(2, params[1]); // I assume params is a String[]
stmt.setString(3, params[2]);
stmt.setString(4, params[3]);
stmt.setString(5, params[4]);
stmt.execute();

ResultSet rs = stmt.getGeneratedKeys();
if (rs.next()) {
    // if it's an int, avoid the cast and use rs.getInt(1) instead
    currentDataID = (int) rs.getLong(1);
}

我不明白为什么你设置data_id而后面的代码希望数据库生成它...你的表定义会有所帮助。

Answer 2

这可能是因为您的params[]之一包含引号字符。

这个问题正是您不应该创建这样的SQL表达式的原因，而应该使用PreparedStatement。请阅读SQL injection。

java.sql.SQLSyntaxErrorException：语法错误：在第1行第1100列遇到“80”

2 个答案: