我收到了这个SQL异常:
16043 10.8.38.30> 2012-03-06 14:21:00,870 | INFO | SubThread-10 | DatabaseSender: Executing SQL Statement...; SQL Statement = select ERRORCODE from ERR_MASTER where ErrorDescription='State must be 'pre-installed', 'active', 'inactive' or 'deactive''
16044 10.8.38.30> 2012-03-06 14:21:00,872 | ERROR | SubThread-10 | Exception caught: E_01_003_0 ORA-00933: SQL command not properly ended
16045
16046 10.8.38.30> 2012-03-06 14:21:00,872 | ERROR | SubThread-10 | SQLState: 42000
16047 10.8.38.30> 2012-03-06 14:21:00,872 | ERROR | SubThread-10 | Errorcode: 933
16048 10.8.38.30> 2012-03-06 14:21:00,872 | ERROR | SubThread-10 | Exception Stack:
16049 10.8.38.30> 2012-03-06 14:21:00,873 | ERROR | SubThread-10 | java.sql.SQLException: ORA-00933: SQL command not properly ended
当然问题来自 ErrorDescription ='状态必须是'预安装','有效','无效'或'无效''在单引号内包含单引号字符串。< / p>
但是考虑到下面的代码,遇到上述异常会导致连接泄漏吗?
执行SQL的代码:
private String getErrorCode(Connection conn, PreparedStatement ps, ResultSet result, String sErrorDesc) throws Exception {
String sErrorCode = null;
StringBuffer sBuffer = new StringBuffer();
sBuffer.append("SELECT ").append(aaConstants.COL_ERRMASTER_ERRORCODE);
sBuffer.append(" from ").append(aaConstants.TABLE_ERRMASTER);
sBuffer.append(" where ").append(aaConstants.COL_ERRMASTER_ERRORDESCRIPTION);
sBuffer.append(" = '").append(sErrorDesc).append("'");
try{
ps = conn.prepareStatement(sBuffer.toString());
Trace.info("sql : " +sBuffer.toString());
result = ps.executeQuery();
if (result.next())
sErrorCode = result.getString(aaConstants.COL_ERRMASTER_ERRORCODE);
}finally{
aaUtils.cleanUp(null, ps, result);
}
if (sErrorCode == null || sErrorCode.equals(""))
sErrorCode = aaErrorCode.MsgCode_Default_ErrorCode;
return sErrorCode;
}
上面的方法在这里被称为:
public String getServerExpiredResponse() throws AuthException {
String retstr="", sessionid="";
Connection conn = null;
PreparedStatement ps = null;
ResultSet result = null;
if (!loginok) {
try{
conn = aaUtils.getDBConnection();
String session_loginfailure_faultcode = getErrorCode(conn, ps, result, sErrorDesc);
String session_loginfailure_faultstring = sErrorDesc;
if (session_loginfailure_faultcode==null) {session_loginfailure_faultcode="";}
if (session_loginfailure_faultstring==null) {session_loginfailure_faultstring="Failed.";}
retstr +=
"<faultcode>"
+ session_loginfailure_faultcode
+ "</faultcode>"
+ "<faultstring>"
+ session_loginfailure_faultstring
+ "</faultstring>";
} catch (Exception e) {
throw new AuthException(Trace.stack2string(e));
}finally{
aaUtils.cleanUp(conn, ps, result);
}
}
Trace.info("In getServerExpiredResponse " +retstr);
return retstr;
}
在调用getErrorCode()的方法中,数据库连接很接近,因为在getErrorCode()中发生异常,连接是否仍会在getServerExpiredResponse()中关闭?
你可以看到getErrorCode()里面只有Resultset和PreparedStatement关闭。
答案 0 :(得分:0)
sql查询中的问题是Single Quotes。
在我们想写一个引号的sql中,你必须写两个引号:' ==>> ''。
要在Single Quotes中使用SQL Query,您必须使用以下两个引用:
String sErrorCode = null;
StringBuffer sBuffer = new StringBuffer();
sBuffer.append("SELECT ").append(aaConstants.COL_ERRMASTER_ERRORCODE);
sBuffer.append(" from ").append(aaConstants.TABLE_ERRMASTER);
sBuffer.append(" where ").append(aaConstants.COL_ERRMASTER_ERRORDESCRIPTION);
sBuffer.append(" = '''").append(sErrorDesc).append("'''");
了解更多说明: 当您执行以下SQL时:
select ERRORCODE from ERR_MASTER where ErrorDescription='State must be ''pre-installed'', ''active'', ''inactive'' or ''deactive'''
sql engine throw error:SQL command not properly ended
但是当你执行以下sql查询时,一切正常:
从ERR_MASTER中选择ERRORCODE,其中ErrorDescription =''状态必须''预安装'',''有效'',''无效''或''无效''
有关详细信息,请参阅http://it.toolbox.com/wiki/index.php/How_do_I_escape_single_quotes_in_SQL_queries%3F
答案 1 :(得分:0)
但是考虑到下面的代码,遇到上述异常会导致连接泄漏吗?
这取决于aaUtils.cleanUp(null, ps, result)的作用。如果它关闭语句和结果集,那么您不应该获得资源泄漏。