PrepareStatement在选择查询Java中不起作用

Question

String checkq="select * from "+Dbc.TB_COMPANY+" where cmp_name=? and cmp_id!=?";
        pst=con.prepareStatement(checkq);
                pst.setString(1,"test"); pst.setString(2,"2")
        rs=st.executeQuery(checkq);

shows You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''13a'' and cmp_id!=3' at line 1

Answer 1

You're calling st.executeQuery and passing in checkq , which makes me think st is a Statement instance. The string in checkq is not, of course, a valid SQL statement — it has PreparedStatement placeholders in it. You should be calling executeQuery on the PreparedStatement instead (and not using a simple Statement at all):

String checkq="select * from "+Dbc.TB_COMPANY+" where cmp_name=? and cmp_id!=?";
pst=con.prepareStatement(checkq);
pst.setString(1,"test");
pst.setString(2,"2")
// Not: rs=st.executeQuery(checkq);
rs = pst.executeQuery();

Answer 2

String checkq="select * from "+Dbc.TB_COMPANY+" where cmp_name=? and cmp_id!=?";
        pst=con.prepareStatement(checkq);
                pst.setString(1,"test"); pst.setString(2,"2")
        rs=pst.executeQuery(checkq);

you are using both statement and prepareStatement

make sure to use prepareStatement