[英]Unable to insert a row in Oracle with Java (JDBC) --> error ORA-00917: missing comma
[英]ORA-00917: missing comma - Insert query failed
我正在嘗試在JSP頁面中創建插入查詢,如下所示
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
}
catch (ClassNotFoundException e)
{
e.printStackTrace();
}
try
{
connection = DriverManager.getConnection(
"jdbc:oracle:thin:@localhost:1521:" + "XE", "hr","hr");
if (connection != null)
{
statement = connection.createStatement();
String q2 = "INSERT INTO HR.tweets (";
q2 = q2 + "DATE_TIME,USER_NAME,TWEET_BEFORE,TWEET_AFTER)";
q2 = q2 + "VALUES (";
q2 = q2 + "(select SYSDATE from dual),";
q2 = q2 + "'" + tweet.getUser().getScreenName() + "'" + ",";
q2 = q2 + "'" + tweet.getText() + "'" +",";
q2 = q2 + "'" + finalstring + "')";
statement.execute(q2);
statement.close();
connection.close();
}
}
catch (SQLException e)
{
e.printStackTrace();
}
在statement.execute(q2)
我得到ORA-00917: missing comma error
。
以下查詢是通過代碼創建的:
INSERT INTO HR.tweets (DATE_TIME,USER_NAME,TWEET_BEFORE,TWEET_AFTER)VALUES ((select SYSDATE from dual),'Dannazxcv','RT @HugotInhinyero: Wish we could turn back time to the good old days. When our mama sings us to sleep but now we're stressed out.🎶🎶
#engin…','hugotinhinyero turn back time good days. mama sing sleep we're stress out. engin' )
請幫我。
您的SQL插入有語法錯誤,因為其中一個參數包含'
:
'hugotinhinyero turn back time good days. mama sing sleep we're stress out. engin'
為避免此類錯誤,請不要手動構建SQL字符串,而應使用PreparedStatement
和參數:
String insert = "INSERT INTO HR.tweets (DATE_TIME,USER_NAME,TWEET_BEFORE,TWEET_AFTER) " +
" VALUES ((select SYSDATE from dual),?,?,?)";
PreparedStatement stmt = connection.prepareStatement(insert);
stmt.setParameter(1, tweet.getUser().getScreenName());
stmt.setParameter(2, tweet.getText());
stmt.setParameter(3, finalstring);
stmt.executUpdate();
這里的問題是您正在使用特殊字符,這會導致發送到數據庫的語句無效。
嘗試使用這樣的准備好的語句...
PreparedStatement pstatement = null;
Connection connection = null;
try
{
connection = DriverManager.getConnection(
"jdbc:oracle:thin:@localhost:1521:" + "XE", "hr","hr");
if (connection != null)
{
pstatement = connection.prepareStatement("INSERT INTO HR.tweets (DATE_TIME,USER_NAME,TWEET_BEFORE,TWEET_AFTER) VALUES ((select SYSDATE from dual),?,?,?)");
q2 = q2 + "'" + tweet.getUser().getScreenName() + "'" + ",";
q2 = q2 + "'" + tweet.getText() + "'" +",";
q2 = q2 + "'" + finalstring + "')";
pstatement.setString(1, tweet.getUser().getScreenName());
pstatement.setString(2,tweet.getText());
pstatement.setString(3, finalstring);
pstatement.execute();
}
}
catch (SQLException e)
{
e.printStackTrace();
}finally{
pstatement.close();
connection.close();
}
...准備好的語句通常會處理格式錯誤的字符串和發送給數據庫的無效引號。
使用PreparedStatement
代替Statement
。
如果您的任何字段包含引號( '
),則查詢將始終失敗。
此外,您的查詢容易受到SQL注入攻擊,而PreparedStatement可以防止此類攻擊。
可以在本教程中找到有關PreparedStatement的詳細信息:
http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
這是非常非常基礎的知識,因此在此不做解釋。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.