在JAVA中使用SQL语句的where子句中的变量
[英]Using variables in where clause of SQL statement in JAVA
问题描述
I want to select some rows from my database based on the values stored in my variables ( supp_rec array). 
我想根据存储在变量( supp_rec数组)中的值从数据库中选择一些行。 I have used tips on similar previous post/question. 我使用过类似的帖子/问题提示。 However, I am still having some error messages. 但是,我仍然有一些错误消息。 The code snippet is below: 代码段如下:
waiting_time = dbMngr.runQuery( "SELECT " + "ExpectedWaitingTime" + " FROM Student" + "where deptID = '" + supp_rec[1] + "' and weight = '" + supp_rec[2] + "'");
prob = PoisonModel(Phase3GUI.existence_time - Long.parseLong(waiting_time[0]),2,Phase3GUI.existence_time);
if (prob > 0.5)
{
dbMngr.execUpdate( "DELETE " + " FROM Student" + "where deptID NOT IN" + supp_rec[1] + " and weight NOT IN" + supp_rec[2]);
}+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The error message is below: 错误消息如下:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'deptID NOT IN1 and weight NOT IN8' at line 1 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '1' and weight = '8'' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Please I will appreciate any help on how to solve these errors. 如果您能解决这些错误,我将不胜感激。 Thank you. 谢谢。
3 个解决方案
解决方案1
1 2014-01-25 19:35:22
The mysql error message is mysql错误消息是
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax;
So, without the space, mysql tries to parse IN1 as a part of it's syntax & hence the query fails. 因此,没有空间,mysql会尝试解析IN1作为其语法的一部分,因此查询失败。 It should be IN 1 where IN is valid SQL token. 它应该是IN 1 ,其中IN是有效的SQL令牌。
To correct this, add a space after IN in your statement - 要更正此问题,请在语句后的IN后添加一个空格 -
dbMngr.execUpdate( "DELETE " + " FROM Student" + "where deptID NOT IN " + supp_rec[1] + " and weight NOT IN " + supp_rec[2]);
EDIT : Noticed that you're passing a single value for NOT IN . 编辑:注意到你为NOT IN传递了一个值。 In that case, it should be just != operator. 在这种情况下,它应该只是!=运算符。
dbMngr.execUpdate( "DELETE " + " FROM Student" + "where deptID != " + supp_rec[1] + " and weight != " + supp_rec[2]);
解决方案2
1 2014-01-25 19:36:33
Added () between the variables content, spaces between them and formatted a little bit 在变量内容之间添加了() ,它们之间的空格和格式化了一点
dbMngr.execUpdate(String.format("DELETE FROM Student WHERE deptID NOT IN (%s) and weight NOT IN (%s)", supp_rec[1], supp_rec[2]));
Additionally , It's highly risky for you, not be using protections against SQL Injections 此外 ,它对您来说风险很大,而不是使用针对SQL注入的保护
解决方案3
0 2014-01-25 19:50:26
You should really use a PreparedStatement. 你应该真的使用PreparedStatement。 The SQL will be much easier to read and you'll avoid most of these problems. SQL将更容易阅读,您将避免大多数这些问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.