1

我的 java 程序从文本字段中收集文件路径:

pathField.getText();

并将结果插入我的数据库(phpMyAdmin)。但是,它似乎不包括反斜杠()。EG - C:UsersSteveDesktop

数据库中的 FilePath 字段设置为“文本”。我已经pathField.getText()在一个System.out声明中测试了它,它用反斜杠打印。

Statement st = (Statement) conn.createStatement();

            String query_to_update = "INSERT INTO `evidence_db`.`mcases` ("
                    + "`PID`,"
                    + " `FilePath`) "
                    + "VALUES ("
                    + "DEFAULT,"
                    + " '" + pathField.getText() + "');";

            System.out.println("Query: " + query_to_update);

            int val = st.executeUpdate(query_to_update);

请注意,我已经编辑了上面的代码,所以可能会有一些小错误。

4

1 回答 1

3

你应该使用准备好的语句来避免这种错误

public static void main(String args[]) {

  Connection con = null;
  PreparedStatement pst = null;
  ResultSet rs = null;

  try {

  Class.forName(driver);
  con = DriverManager.getConnection(connection);

  String sql =
  "select * from Employees where FirstName " + "in(?,?,?)";
  pst = con.prepareStatement(sql);

  pst.setString(1, "komal");
  pst.setString(2, "ajay");
  pst.setString(3, "santosh");

  rs = pst.executeQuery();
  System.out.println("EmployeeID\tFirstName");
  while (rs.next()) {
  System.out.print("  "+rs.getString(1));
  System.out.print("\t\t"+rs.getString(2));
  System.out.println("\t\t"+rs.getString(3));
  }

  } catch (Exception e) {
  System.out.println(e);
  }
  }
}

所以在你的情况下

String query_to_update = "INSERT INTO `evidence_db`.`mcases` ("
                    + "`PID`,"
                    + " `FilePath`) "
                    + "VALUES (?,?);";

PreparedStatement pst=coneection.prepareStatement(query_to_update);
pst.setString(1,"DEFAULT");
pst.setString(2,pathField.getText());
pst.executeUpdate();
于 2012-12-14T17:05:42.770 回答