0

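Basically, I'm trying to update a database table with the values from getSelectRow. As you can see, the query finds the correct data, but there is a huge problem when actually trying to add it to the database.
The error is in the SQL syntax, but I don't know where I went wrong. Please help.

This is the query it executes, but I don't know why it doesn't update the table.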

INSERT INTO customerdetails 
      FName        = 'Tim'
  AND SName        = 'Cooley'
  AND Address      = '52     Buckminster Drive Dorridge Solihull West Mids'
  AND Postcode     = 'B93 8PG'

Java code:

private void sendBtnMouseClicked(java.awt.event.MouseEvent evt) {                                     
    // TODO add your handling code here:

    int insertRow = newOrderTbl.getSelectedRow();
    int col2 = 0;

    String sql3 = "INSERT INTO customerdetails VALUES "
            + "FName            = '" + newOrderTbl.getValueAt(insertRow, col2)     +"'"
            + "AND SName        = '" + newOrderTbl.getValueAt(insertRow, col2+1)   +"'"
            + "AND Address      = '" + newOrderTbl.getValueAt(insertRow, col2+2)   +"'"
            + "AND Postcode     = '" + newOrderTbl.getValueAt(insertRow, col2+3)   +"'";
    System.out.println(sql3); 
    try{

        pst = conn.prepareStatement(sql3);
        pst.executeUpdate(sql3);
        JOptionPane.showMessageDialog(null, "Deleted");   


        CustomerTable();

    }
    catch (Exception e){
        JOptionPane.showMessageDialog(null, e);
    }


}   
4

3 Answers

3

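First, your SQL syntax is wrong (at least, it is non-standard SQL syntax for your database engine). Second, your code is vulnerable to SQL injection attacks.

To solve both problems, you should use a PreparedStatement (which you are doing wrong). A basic example from your code: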

String sql = "INSERT INTO customerdetails (FName, SName, Address, Postcode) VALUES (?, ?, ?, ?)";
PreparedStatement pst = conn.prepareStatement(sql);
// getValueAt returns Object, so convert each cell to a String before binding it
pst.setString(1, String.valueOf(newOrderTbl.getValueAt(insertRow, col2)));
pst.setString(2, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+1)));
pst.setString(3, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+2)));
pst.setString(4, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+3)));
pst.executeUpdate();
//rest of code...

Assuming your SQL syntax works, you should pass the values as parameters, similar to the previous example:

String sql3 = "INSERT INTO customerdetails VALUES "
        + "FName            = ?"
        + " AND SName       = ?"
        + " AND Address     = ?"
        + " AND Postcode    = ?";
pst = conn.prepareStatement(sql3);
// getValueAt returns Object, so convert each cell to a String before binding it
pst.setString(1, String.valueOf(newOrderTbl.getValueAt(insertRow, col2)));
pst.setString(2, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+1)));
pst.setString(3, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+2)));
pst.setString(4, String.valueOf(newOrderTbl.getValueAt(insertRow, col2+3)));
pst.executeUpdate();
//rest of code...
answered 2013-03-31T16:24:49.243
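
The parameter binding described in the answer above, as an added example that is not part of the original answers: it guards against an unselected row, binds each cell as data, and stores a surname containing an apostrophe that would break the concatenated INSERT. The class name `InsertCustomerExample`, the method `insertRow`, the column sizes and the in-memory H2 JDBC URL (driver jar on the classpath) are assumptions; the sample row is constructed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;

public class InsertCustomerExample {  // hypothetical class name
    // Column order assumed to match the question: FName, SName, Address, Postcode.
    static final String SQL =
        "INSERT INTO customerdetails (FName, SName, Address, Postcode) VALUES (?, ?, ?, ?)";

    /** Inserts one table row with bound parameters; returns 0 if the row index is invalid. */
    static int insertRow(Connection conn, TableModel model, int row) throws SQLException {
        if (row < 0 || row >= model.getRowCount()) {
            return 0;  // JTable.getSelectedRow() returns -1 when nothing is selected
        }
        try (PreparedStatement pst = conn.prepareStatement(SQL)) {
            for (int col = 0; col < 4; col++) {
                Object cell = model.getValueAt(row, col);
                // The value is sent as data, not as SQL text, so quotes need no escaping.
                pst.setString(col + 1, cell == null ? null : cell.toString());
            }
            // Use the no-argument form: executeUpdate(String) belongs to Statement and,
            // per the JDBC API, must not be called on a PreparedStatement.
            return pst.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample row; the apostrophe in the surname is the interesting part.
        DefaultTableModel model = new DefaultTableModel(
            new Object[][] {{"Tim", "O'Brien", "52 Buckminster Drive", "B93 8PG"}},
            new Object[] {"FName", "SName", "Address", "Postcode"});
        // Assumption: H2 driver on the classpath; any JDBC URL can be substituted.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = conn.createStatement()) {
            st.execute("CREATE TABLE customerdetails (FName VARCHAR(50), SName VARCHAR(50), "
                     + "Address VARCHAR(200), Postcode VARCHAR(10))");
            System.out.println("inserted: " + insertRow(conn, model, 0));
            System.out.println("no selection: " + insertRow(conn, model, -1));
            try (ResultSet rs = st.executeQuery("SELECT SName FROM customerdetails")) {
                while (rs.next()) System.out.println("stored: " + rs.getString(1));
            }
        }
    }
}
```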
0

For the update statement, it would be -

String sql3 = "INSERT INTO customerdetails(FName,SName,Address,Postcode) VALUES ("
            + " '" + newOrderTbl.getValueAt(insertRow, col2)     +"',"
            + " '" + newOrderTbl.getValueAt(insertRow, col2+1)   +"',"
            + " '" + newOrderTbl.getValueAt(insertRow, col2+2)   +"',"
            + " '" + newOrderTbl.getValueAt(insertRow, col2+3) + "')";

You should also use a PreparedStatement for this.

Thanks

answered 2013-03-31T16:25:09.077
0

Please change it to

String sql3 = "INSERT INTO customerdetails(FName,SName,Address,Postcode) VALUES ("
            + "'" + newOrderTbl.getValueAt(insertRow, col2)     +"',"
            + "'" + newOrderTbl.getValueAt(insertRow, col2+1)   +"',"
            + "'" + newOrderTbl.getValueAt(insertRow, col2+2)   +"',"
            + "'" + newOrderTbl.getValueAt(insertRow, col2+3)   +"')";

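The insert statement generated in your code seems invalid. For details, see SQL Insert Statement

Also, a better approach would be to create a dedicated server-side DAO class to handle database operations.

answered 2013-03-31T16:26:42.140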