1

我是这里的新手,我会遇到一个很难得到答案的问题。我需要用 Java 设置一个程序,使用户能够根据他们在 TextField 中键入的内容将值插入数据库。这是我创建的 3 个类:

public class Odabrani{

    public int id;
    String ime;
    String prezime;

        public Odabrani(int id, String ime, String prezime){

            this.id=id;
            this.ime=ime;
            this.prezime=prezime;


        }
}


import com.mysql.jdbc.Connection;
import com.mysql.jdbc.Statement;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;



    public class MySQL{ 
        public static Connection connect() throws InstantiationException, ClassNotFoundException, IllegalAccessException, SQLException{
            Class.forName("com.mysql.jdbc.Driver").newInstance();
            Connection conn = (Connection) DriverManager.getConnection("jdbc:mysql://localhost/prodavnica", "root", "");
            return conn;
        }
    public static void Obrisi(int id) throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException{
        Connection conn = connect();
        Statement st = (Statement) conn.createStatement();
        st.execute("delete from prodavac where id = " + id);
        conn.close();
    }


    public static List<Prodavac> GetProdavci() throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException {

    Connection conn = connect();
    Statement st = (Statement) conn.createStatement();
    st.executeQuery("select * from prodavac");
    ResultSet rs = st.getResultSet();
    List<Prodavac> pr = new ArrayList<Prodavac>();
    while(rs.next()){
        pr.add(new Prodavac(rs.getInt(1),rs.getString(2),rs.getString(3)));
        //String ime = rs.getString(2);

    }
    conn.close();
        return pr;

        }

    public static void Dodaj(String ime, String prezime) throws InstantiationException, IllegalAccessException, ClassNotFoundException, SQLException{
        Connection conn = connect();
        PreparedStatement pst = conn.prepareStatement("insert into prodavac (id, ime, prezime) values (null,' ,' ) + ime, prezime;");
        conn.close();
    }


    }



import java.awt.Button;
import java.awt.FlowLayout;
import java.awt.Frame;
import java.awt.List;
import java.awt.TextField;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JComboBox;
import javax.swing.JDialog;
import javax.swing.JOptionPane;
import javax.swing.JRootPane;

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 *
 * @author v
 */
**public class Main** {
       static TextField unos;
       public static Prodavac odabrani_prodavac;
       public static JComboBox c;
       public static void main(String[] args) throws ClassNotFoundException, InstantiationException, IllegalAccessException, SQLException{
        Frame f = new Frame("Biblioteka");
        f.setSize(300, 300);
        f.setLocation(300, 300);
        f.setVisible(true);
        f.setLayout(new FlowLayout()); 
        c = new JComboBox();
        List l = new List();
        unos = new TextField(20);
        f.add(unos);

        unos.addActionListener(new ActionListener() {
            public void actionPerformed(ActionEvent e) {
                try {
                    MySQL.Dodaj(odabrani_prodavac.ime, odabrani_prodavac.prezime);
                } catch (InstantiationException ex) {
                    Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                } catch (IllegalAccessException ex) {
                    Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                } catch (ClassNotFoundException ex) {
                    Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                } catch (SQLException ex) {
                    Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                }
            }
        });




        Button b = new Button("obrisi");
        b.addActionListener(new ActionListener() {

               @Override
               public void actionPerformed(ActionEvent e) {
                   if(odabrani_prodavac!=null)
                   try {
                       MySQL.Obrisi(odabrani_prodavac.id);
                       c.removeAllItems();
                       java.util.List<Prodavac> prlist = MySQL.GetProdavci();
                        for(Prodavac p: prlist)
                            c.addItem(p);

                   } catch (InstantiationException ex) {
                       Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                   } catch (IllegalAccessException ex) {
                       Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                   } catch (ClassNotFoundException ex) {
                       Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                   } catch (SQLException ex) {
                       Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                   }
               }
           });

        java.util.List<Prodavac> prlist = MySQL.GetProdavci();
        for(Prodavac p: prlist)
               c.addItem(p);
        f.add(c);
        f.add(b);
        c.addItemListener(new ItemListener() {

               @Override
               public void itemStateChanged(ItemEvent e) {
                   if(e.getStateChange()==ItemEvent.SELECTED){
                    Prodavac p = (Prodavac)e.getItem();
                    odabrani_prodavac = p;
                    JOptionPane.showMessageDialog(null, "Odabrali ste: " + p.toString());
                   }
               }
           });





       }
}

现在,如果您注意这一点,您会发现 delete() 和 gettAll() 方法都可以完美运行,但困扰我的是插入方法。我如何处理有问题的代码,以便将用户输入的文本存储到数据库中。请指教。谢谢你!伊万

4

2 回答 2

1

将您的插入语句更改为

PreparedStatement pst = conn.prepareStatement("insert into prodavac (id, ime, prezime) values (null,'"+ime+"','"+prezime+"'" ); 
于 2013-04-01T17:17:46.847 回答
1

PreparedStatement提供占位符字符以防止SQL 注入攻击以及处理可能需要的任何引号的插入。此外,如果id是一个自动增量字段,您可以从以下内容中省略它SQL

PreparedStatement pst = 
    conn.prepareStatement("insert into prodavac (ime, prezime) values (?, ?)");
pst.setString(1, ime);
pst.setString(2, prezime);
pst.executeUpdate();
于 2013-04-01T17:25:45.993 回答