-1

我可以在按钮单击事件中获取 java mysql 数据库连接和插入记录的示例吗?这是我在 jframe 中使用的代码,但它不起作用它有一个错误。

 private void btnlogActionPerformed(java.awt.event.ActionEvent evt) {                                       

     user=txtuser.getText();
      char[] pass=jPasswordField1.getPassword();
             String passString=new String(pass);
            try{                
                **Connection con =createConnection();**             


java.sql.PreparedStatement statement= con.prepareStatement ("INSERT INTO login(username,Password) VALUES ('" + user + "','" + passString + "')");

statement.setString(1,user);
    statement.setString(2,passString);
statement.execute();
            }
            catch(Exception e){
                JOptionPane.showMessageDialog(null,"Exception: "+ e.toString());
            }

public static void main(String args[]) {
 try {
            Class.forName("com.mysql.jdbc.Driver");
            String connectionUrl = "jdbc:mysql://localhost/Stock?"+
                                   "user=root&password=";
            Connection con = DriverManager.getConnection(connectionUrl);
        } catch (SQLException e) {
            JOptionPane.showMessageDialog(null,"SQL Exception: "+ e.toString());
        } catch (ClassNotFoundException cE) {
            JOptionPane.showMessageDialog(null,"Class Not Found Exception: "+ cE.toString());
        }
4

2 回答 2

0

您应该parameter placeholder (?)在声明参数时使用,不要连接变量。

String strQuery = "INSERT INTO login(username,Password) VALUES (?,?)";
java.sql.PreparedStatement statement = con.prepareStatement(strQuery);
statement.setString(1,user);
statement.setString(2,passString);

更新 1

private void btnlogActionPerformed(java.awt.event.ActionEvent evt) 
{                                       
    user=txtuser.getText();
    char[] pass=jPasswordField1.getPassword();
    String passString=new String(pass);
    try
    {                
        Connection con = createConnection();          
        String strQuery = "INSERT INTO login(username,Password) VALUES (?,?)";
        java.sql.PreparedStatement statement = con.prepareStatement(strQuery);
        statement.setString(1,user);
        statement.setString(2,passString);
        statement.executeUpdate();
    }
    catch(Exception e)
    {
        JOptionPane.showMessageDialog(null,"Exception: "+ e.toString());
    }
}
于 2013-01-12T16:03:10.540 回答
0

您的Connection变量的范围仅限于您的try/catch块。您需要将声明移到块外并使用:

con = createConnection();

try/catch块本身内。

使用PreparedStatement占位符 ( ?) 将构建正确的 SQL 字符串并保护您免受SQL 注入攻击:

PreparedStatement statement = 
   con.prepareStatement ("INSERT INTO login(username, Password) VALUES (?, ?)");

此外,executeUpdate 用于数据库写入操作。代替

statement.execute();


statement.executeUpdate();
于 2013-01-12T16:18:19.023 回答