0

我试图将一个字符串传递给一个有换行符的 SQL 语句,所以它给了我一个错误:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE nric = 'S3456789A\n'' at line 1

所以我删除了换行符

nric = nric.replace("\n","");

然后它向我抛出了错误:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE nric = 'S3456789A'' at line 1

问题是,当我执行 System.out.println 时,撇号没有出现,它只是S3456789A代替S3456789A'. 如何删除撇号?

代码:

从android获取数据和发布:

ArrayList<NameValuePair> postParameters = new ArrayList<NameValuePair>();
postParameters.add(new BasicNameValuePair("nric",nric));
response = CustomHttpClient.executeHttpPost("http://172.27.176.181:8080/SRD/SaveLocation", postParameters);

servlet SaveLocation 的必要部分:

String nric = request.getParameter("nric");
    nric = nric.replace("\n", "");
User elder = new User();
    elder.setNric(nric);
    try {
        if(elder.retrieveUserWithNric())
        {

从 User 实体类中检索UserWithNric:

public boolean retrieveUserWithNric() throws SQLException
{
    boolean success = false;
    ResultSet rs = null;
    try {
        Context ctx = new InitialContext();
        ds = (DataSource)ctx.lookup("java:comp/env/jdbc/srd");
      } catch (NamingException e) {
          System.out.println("User: Naming Exception");
        e.printStackTrace();
      }
    Connection conn = ds.getConnection();

    PreparedStatement pstmt = null;
    String dbQuery = "SELECT * FROM User WHERE nric = ?";
    System.out.println("retrieveUserwithNric nric is "+nric);
    try {
        pstmt = conn.prepareStatement(dbQuery);
        pstmt.setString(1, nric);
        rs = pstmt.executeQuery();
    } catch (SQLException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }
    try {
        if (rs.next()) {
            id = rs.getInt("id");
            nric = rs.getString("nric");
            password = rs.getString("password");
            salt = rs.getString("salt");
            name = rs.getString("name");
            mobileNo = rs.getInt("mobile_no");
            address = rs.getString("address");
            postal = rs.getInt("postal_code");
            relativeElderly = rs.getString("relative_elderly");
            role = rs.getString("role");
            organization = rs.getString("organization");
            elderlyList = rs.getString("elderly_list"); 
            // image = rs.getBlob("image");
            success = true;
        }
        else
        {
            System.out.println("rs does not have next");
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    System.out.println("name is "+name);
    System.out.println("role is "+role);
    conn.close();
    return success;
}
4

1 回答 1

1

撇号不存在。错误消息用撇号括起来,删除它们你会得到:

WHERE nric = 'S3456789A'

其他原因导致此错误。

于 2012-07-17T05:44:22.363 回答