[英]Missing semicolon (;) at end of SQL Statement
我試圖通過將表中的值與我從ID號捕獲的有關用戶的變量進行比較,將值插入數據庫中另一個表的表中。
我收到以下錯誤:
java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Missing semicolon (;) at end of SQL statement.
這是我嘗試上面的代碼:
Statement stmt1 = con.createStatement();
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= " + details.getAge() + "AND Group_MaxAge >= " + details.getAge() + "AND Group_Gender = 'details.getGender()'";
stmt1.executeUpdate(mySqlStatement1);
將有關SQL注入攻擊的標准警告擱置一會兒,您的語句的問題是您的引號錯誤,並且AND
之前沒有空格:
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= "
+ details.getAge()
+ " AND Group_MaxAge >= " // Add space
+ details.getAge()
+ " AND Group_Gender = '" // Add space
+ details.getGender() // This part was enclosed in double-quotes
+ "';"; // Add semicolon at the end
為了防止注入攻擊,您應該對查詢進行參數化,並將值綁定到准備好的語句的參數:
String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= ? AND Group_MaxAge >= ? AND Group_Gender = ?;";
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.