無法在where子句中將Java的Studentid傳遞給mysql

Question

在我下面的程序中，我想通過用戶輸入傳遞值來更新mysql學生信息。 輸入的是studentid和firstname。

使用的SQL查詢是

String update = "UPDATE `student_db`.`studentinfo` SET `Student_LastName`='"+firstname+"' WHERE `Student_ID`= '"+studentid+"' ";

執行上面的程序不起作用，但如果我對查詢中的studentid值進行硬編碼，則執行相同的查詢，但我不想要...

例如： String update = "UPDATE student_db . studentinfo SET Student_LastName ='"+firstname+"' WHERE student_id數據= '3' ";

我希望where子句接受用戶輸入，更新查詢並執行。

public static void firstname() {
            Scanner studentid= new Scanner(System.in);
            System.out.println("Please enter your Studentid");
            studentid.nextLine();

                    Scanner name = new Scanner(System.in);

                    System.out.println("Please enter your first name:"); 

                        while(!name.hasNext("[a-zA-Z]+")){

                            System.out.println("Please re-enter your name, use alphabets only");
                            System.out.println("Please enter your first name:");
                            name.nextLine();

                        }
                        String firstname=name.nextLine();   
                        System.out.println("Your Updated firstname is " + firstname);

                        //Connection to db
                        try{
                        Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/student_db","root","admin");
                        Statement stmt = (Statement) conn.createStatement();
                        String update = "UPDATE `student_db`.`studentinfo` SET `Student_LastName`='"+firstname+"' WHERE `Student_ID`= '"+studentid+"' ";
                        PreparedStatement ps = con.prepareStatement(update);
                        int rs= stmt.executeUpdate(update);
                        }catch (Exception e){
                            System.err.println(e);
                        }
                }           

    enter code here

Answer 1

首先調試您的應用程序並檢查日志中的sql查詢是否正常？

之后，請從此處閱讀 PreparedStatement的文檔。

String update = "UPDATE `student_db`.`studentinfo` SET `Student_LastName`=? WHERE `Student_ID`= ? ";
PreparedStatement stmt= con.prepareStatement(update);
stmt.setString(1, firstName); 
stmt.setString(2, studentId);
stmt.executeUpdate();

Answer 2

公共靜態無效的名字（）{

        System.out.println("Please enter your Studentid");

        Scanner studentid= new Scanner(System.in);

        int stdnumber = studentid.nextInt();

        studentid.nextLine();

        Scanner name = new Scanner(System.in);

        System.out.println("Please enter your first name:"); 

    while(!name.hasNext("[a-zA-Z]+")){  
        System.out.println("Please re-enter your name, use alphabets only");
        System.out.println("Please enter your first name:");
        name.nextLine();                        
        }

    String firstname=name.nextLine();   

    System.out.println("Your Updated firstname is " + firstname);

    //Connection to db
    try{
        Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/student_db","root","admin");

        Statement stmt = (Statement) conn.createStatement();

        String update = "UPDATE `student_db`.`studentinfo` SET `Student_FirstName`='"+firstname+"' WHERE `Student_ID`='"+stdnumber+"' ";

        int rs= stmt.executeUpdate(update);

        }catch (Exception e){
            System.err.println(e);
        }

Answer 3

您應該使用PreparedStatement（帶有參數化值）。

    PreparedStatement stmt = conn.prepareStatement("UPDATE studentinfo SET   Student_LastName=? WHERE Student_ID= ?");
    stmt.setString(1, firstName);  //setString - depend on type of value in database
    stmt.setString(2, studentId);
    stmt.executeUpdate();

如您所見，我更改了您的SQL。 我已將串聯參數替換為參數化查詢（？）。

您在代碼中有很多錯誤。 我已經將您的代碼重寫為

    Scanner scanner= new Scanner(System.in);
    System.out.println("Please enter your Studentid");
    String studentId = scanner.nextLine();

    System.out.println("Please enter your first name:");

    while(!scanner.hasNext("[a-zA-Z]+")){
        System.out.println("Please re-enter your name, use alphabets only");
        System.out.println("Please enter your first name:");
        scanner.nextLine();
    }
    String firstName = scanner.nextLine();