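Unreported SQL exception in the line 'ps=con.prepareStatement();'

I am developing a simple Java web application that accepts data from the user through a form and stores it in a SQL database via a servlet. When I write the code everything is fine, except that I get an error on these lines:

```java
str="insert into ..."
ps= con.createStatement(str); // <-- Error here
ps.executeUpdate(); // <-- error here
```

It says: unreported SQL exception must be caught or thrown.

So I enclosed the statements in a try and catch block, but now when I run the program I get this message: java.sql.SQLException: [Microsoft][ODBC SQL Server Driver][SQL Server]Could not find stored procedure 'str'

I am stuck and cannot find a solution anywhere. I have already created the database and the table, and values get inserted through a SQL query. I have also created a user DSN named "mydata" through odbcad32. Please help me!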

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.sql.*;

// The servlet class declaration, the con and ps fields, and conn() are not shown in the post.

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        String type="",name="",pw="",city="",country="",contact="",sal="";
        type=request.getParameter("ddltype");
        name=request.getParameter("txtname");
        pw=request.getParameter("txtpwd");
        city=request.getParameter("txtcity");
        sal=request.getParameter("txtsal");
        country=request.getParameter("txtcountry");
        contact=request.getParameter("txtcontact");
        try {
            conn();
            String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')";
            ps=con.prepareStatement("str");
            ps.executeUpdate();
            /* TODO output your page here. You may use following sample code. */
            out.println("<!DOCTYPE html>");
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Servlet regsev</title>");
            out.println("</head>");
            out.println("<body> INSERTED SUCCESSFULLY");
            out.println("<h1>Servlet regsev at " + request.getContextPath() + "</h1>");
            out.println("</body>");
            out.println("</html>");
        }
        catch(SQLException e)
        {
            out.print(""+e);
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP
     * <code>GET</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP
     * <code>POST</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
```

There is a lot to comment on here.

```java
String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')";
ps=con.prepareStatement("str");
ps.executeUpdate();
```

All 3 wrong. Prepared statements help improve performance (in most cases), simplify the code and prevent SQL injection. In your code, 2 out of 3.

Here is a sample:

```java
String str="insert into details (type, name,pwd ) values(?,?,?)";
ps=con.prepareStatement(str); // so no "" around str.
ps.setString(1,type); // Sets the content of the first ?, all safe against SQL Injection
ps.setString(2,name); // Sets the content of the second ?
ps.setString(3,pw); // Sets the content of the third ?
ps.execute(); // Execute instead of executeUpdate.
```

Now the database can also reuse the prepared statement's execution plan, saving you a few hundred seconds on the second insert.
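
A fuller version of the parameterized insert covering all seven form fields from the question, as an added example that is not part of the original answer. The class name `DetailsDao` and the column names `city`, `country`, `contact` and `sal` are assumptions (the answer only names `type`, `name` and `pwd`); `main` uses a constructed input to show that the concatenated statement text changes with the data while the parameterized text does not.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class DetailsDao {   // hypothetical class name

    // Constant SQL text. Columns after pwd are assumed from the form field names.
    private static final String INSERT_SQL =
        "insert into details (type, name, pwd, city, country, contact, sal) "
      + "values (?, ?, ?, ?, ?, ?, ?)";

    /** The question's concatenation, kept only to show what text reaches the driver. */
    static String concatenated(String... v) {
        return "insert into details values('" + String.join("','", v) + "')";
    }

    /** Binds every form field as a parameter and returns the number of rows inserted. */
    static int insert(Connection con, String... v) throws SQLException {
        if (v.length != 7) {
            throw new IllegalArgumentException("expected 7 fields, got " + v.length);
        }
        // try-with-resources closes the statement even when executeUpdate throws
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            for (int i = 0; i < v.length; i++) {
                ps.setString(i + 1, v[i]);   // JDBC parameter indexes are 1-based
            }
            return ps.executeUpdate();       // row count of the INSERT
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary surname that contains a quote.
        String[] form = {"user", "O'Brien", "secret", "Cork", "Ireland", "555-0100", "1000"};

        // The quote in the name closes the string literal early, so the data
        // becomes part of the statement's syntax.
        System.out.println(concatenated(form));

        // The parameterized text is the same for every request; values travel
        // separately through setString and are never parsed as SQL.
        System.out.println(INSERT_SQL);
    }
}
```

In the servlet, `insert(con, type, name, pw, city, country, contact, sal)` would replace the three lines inside the `try` block.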