[英]What's wrong with this SQL syntax?
我正在嘗試使用Java Servlet構建注冊系統。 並將數據插入到mySQL數據庫中。 但是我收到語法錯誤。 我剛讀完Wiley mySQL和Java開發人員指南書。
而且我是servlet編程的新手,因此,如果有簡單的方法可以執行操作,請告訴我。
package com.app.base;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.app.pojo.*;
public class RegisterServlet extends HttpServlet{
MySqlDB mysql;
@Override
public void init() throws ServletException {
// TODO Auto-generated method stub
mysql = new MySqlDB();
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
PrintWriter out = null;
//Connection connection = null;
//Statement statement;
//ResultSet rs;
resp.setContentType("text/html");
out = resp.getWriter();
try{
mysql.createConnection();
}catch(Error e){
out.write("Couldn't connect to mysql");
}
String fname = req.getParameter("fname");
String lname = req.getParameter("lname");
String email = req.getParameter("email");
String password = req.getParameter("password");
String city = req.getParameter("city");
String country = req.getParameter("country");
if(fname == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else if(lname == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else if(email == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else if(password == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else if(city == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else if(country == null){
String destination = "signup.jsp?error=Complete All Fields";
RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
rd.forward(req, resp);
}else{
String sql = "INSERT INTO main.users(first_name, last_name, email, password, city, country, registered_time) VALUES("
+ fname +", "+ lname + ", "+ email +", " + password +", " + city +"," + country + ",Now());";
int answer = mysql.insertSQL(sql);
if(answer == 1){
resp.sendRedirect( "index.jsp?registered=true");
//String destination = "index.jsp?registered=true";
//RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
//rd.forward(req, resp);
}
}
}
}
這是要連接的MySql類。
package com.app.pojo;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class MySqlDB{
private static String username = "root", password = "root";
public Connection createConnection(){
Connection connection = null;
try{
//Load the JDBC driver
Class.forName("com.mysql.jdbc.Driver");
connection = DriverManager.getConnection("jdbc:mysql://localhost:3306,/main", username, password);
//Create a connection to the database
}catch(SQLException ex){
System.out.println(ex);
}catch(ClassNotFoundException e){
System.out.println(e);
}
return connection;
}
public void runSqlStatement(String sql){
try{
Statement statement = createConnection().createStatement();
//statement executeQuery(Query)
boolean rs = statement.execute(sql);
}catch(SQLException ex){
System.out.println(ex);
}
}
public ResultSet executeSQL(String sql){
Statement statement = null;
ResultSet rs = null;
try{
statement = createConnection().createStatement();
rs = statement.executeQuery(sql);
/*while(rs.next()){
System.out.println(rs.getString(1));
}*/
// rs.close();
// statement.close();
}catch (SQLException e) {
System.out.println(e);
}
return rs;
}
public int insertSQL(String sql){
int rs;
try{
Statement statement = createConnection().createStatement();
rs = statement.executeUpdate(sql);
return rs;
}catch(SQLException ex){
System.out.println(ex);
return 0;
}
}
}
這是tomcat控制台
INFO: Reloading Context with name [/Map] has started
Apr 21, 2012 12:59:14 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc
SEVERE: The web application [/Map] registered the JDBC driver [com.mysql.jdbc.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
Apr 21, 2012 12:59:17 AM org.apache.catalina.core.StandardContext reload
INFO: Reloading Context with name [/Map] is completed
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '********,Colombo,Sri Lanka,Now())' at line 1
您需要對VALUES
部分中的字符串進行轉義/引用。 JDBC驅動程序將為您執行此操作,例如使用PreparedStatement
。
請注意,如果您按原樣保留代碼或僅添加引號,則可能會面臨SQL注入攻擊的危險。
嘗試這個...
Connection con = mysql.createConnection();
String sql = "INSERT INTO main.users(first_name, last_name, email, password, city,
country, registered_time) VALUES(?, ?, ?, ?, ?, ?, ?);";
PreparedStatement insertStatement = con.prepareStatement(sql);
insertStatement.setString(1, first_name);
insertStatement.setString(2, last_name);
insertStatement.setString(3, email);
insertStatement.setString(4, password);
insertStatement.setString(5, city);
insertStatement.setString(6, country);
insertStatement.setString(7, new Date());
insertStatement.execute();
問候。
嘗試在變量周圍加上單引號。
例如:
VALUES('" + myString + "', '" + myOtherString + "')
String sql = "INSERT INTO main.users(first_name, last_name, email, password, city, country, registered_time) VALUES('"
+ fname +"', '"+ lname + "', '"+ email +"', '" + password +"',' " + city +"','" + country + "',Now())";
Colombo,Sri Lanka,Now())' at line 1
好像您在字符串周圍缺少單引號。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.