执行以下选择查询时出现错误:
ResultSet rs = St.executeQuery("select * from login where username="+username+"and password ="+password);
例外是
java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended.
如果查询在语法上是错误的,请告诉我。
问问题
738 次
6 回答
2
Use at least parameters (named parameters are even better). Concatenating values into SQL string is error prone and unsafe. E.g.:
Statement stmt = null;
String query = "select * from login where username=? and password=?";
try {
stmt = con.createStatement();
stmt.setString(1, username);
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
//...
}
} catch (SQLException e ) {
//TODO handle e
} finally {
if (stmt != null) { stmt.close(); }
}
}
于 2012-05-17T12:56:14.983 回答
1
用户名和密码的值应该用引号引起来
ResultSet rs = St.executeQuery("select * from login where username='" + username + "' and password ='" + password + "'");
于 2012-05-17T12:50:19.100 回答
1
and您的用户名和关键字之间没有空格。这将解析为
select * from login where username=usernameand password =password
您还缺少围绕要插入语句的值的单引号。尝试:
ResultSet rs = St.executeQuery("select * from login where username = '" + username + "' and password = '" + password + "'");
我还建议阅读Java 教程中的Using Prepared Statements。
于 2012-05-17T12:47:32.940 回答
0
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
执行查询的最佳方法将其取出并自行尝试...例如。
String query = "select * from login where username='"+username+"' and password = '"+password+"'";
//Print your query and execute it in your sql client you ll get to know if it works!
System.out.println(query);
ResultSet rs = St.executeQuery(query);
于 2012-05-17T12:52:35.290 回答
0
值和密码前缺少单引号,我认为应该是:
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
于 2012-05-17T12:48:30.533 回答