[英]java.sql.SQLSyntaxErrorException: ORA-00936: missing expression
I wrote a simple SQL query in Oracle which inserts some values. 我在Oracle中编写了一个简单的SQL查询,它插入了一些值。
But I got SQLSyntaxErrorException
stating a "missing expression" error. 但我得到了SQLSyntaxErrorException
指出“缺少表达式”错误。
This my query: 我的查询:
String addManager = "INSERT INTO property_manager(EIN,NAME,HOME_PHONENUMBER,MOBILE_PHONENUMBER,EMAIL,PROPERTY_CIN)" +
"VALUES (" + mein.getText() + "," + mname.getText() +","+ mHome_phonenumber.getText() +","+ MMobile_phonenumber.getText()+"," + memail.getText() + ","+mproperty_cin.getText()+")";
The best solution is using a java.sql.PreparedStatement
. 最好的解决方案是使用java.sql.PreparedStatement
。
'
) and the characters which will break your query 转义字符串中的无效字符(例如'
)以及将破坏查询的字符 Just google for java PreparedStatemnt
and you see lots of samples. 只需google for java PreparedStatemnt
,你会看到很多样本。
You should put your values inside quotes. 您应该将您的值放在引号内。
String addManager = "INSERT INTO property_manager(EIN,NAME,HOME_PHONENUMBER,MOBILE_PHONENUMBER,EMAIL,PROPERTY_CIN)" +
"VALUES ('" + mein.getText() + "','" + mname.getText() +"','"+ mHome_phonenumber.getText() +"','"+ MMobile_phonenumber.getText()+"','" + memail.getText() + "','"+mproperty_cin.getText()+"')";
Or better yet, use parameters. 或者更好的是,使用参数。 Otherwise you risk sql injection attack. 否则你冒险sql注入攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.