0

Need help please..

    Connection cn = DriverManager.getConnection ("jdbc:mysql://localhost/posdb", "root", "");
    PreparedStatement dat = cn.prepareStatement("INSERT INTO order VALUES('"+num+"',"+buyamount.elementAt(0)+","+buyamount.elementAt(1)+","+buyamount.elementAt(2)+","+buyamount.elementAt(3)+","+buyamount.elementAt(4)+","+buyamount.elementAt(5)+","+buyamount.elementAt(6)+","+buyamount.elementAt(7)+","+buyamount.elementAt(8)+","+buyamount.elementAt(9)+","+buyamount.elementAt(10)+","+buyamount.elementAt(11)+","+buyamount.elementAt(12)+","+buyamount.elementAt(13)+","+buyamount.elementAt(14)+","+buyamount.elementAt(15)+","+buyamount.elementAt(16)+","+buyamount.elementAt(17)+","+buyamount.elementAt(18)+","+buyamount.elementAt(19)+","+tot+","+tot2+","+(tot2-tot)+")");
    System.out.println(dat);
    dat.executeUpdate();
    cn.close();

Error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order VALUES('20130605093640',1, 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9500,1200' at line 1

num is a String, tot and tot2 are integers, and buyamount is a Vector of integers.

Thanks.. any help would be appreciated..

4

2 Answers

1

Order is a reserved word in MySQL; use backticks around it:

    INSERT INTO `order`...

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

answered 2013-06-05T02:46:38.593
0

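Also, you may want to consider using prepared statements the proper way. This will help avoid SQL injection and make your code easier to read.

    // Requires: import java.sql.*;  (Date here is java.sql.Date)
    private static final String INSERT = "insert into myTable values(?,?,?)";

    public void insertData(String varA, int numB, Date myDate) throws SQLException {
        Connection cn = null;
        PreparedStatement ps = null;
        try {
            cn = DriverManager.getConnection("...your connection string...");
            ps = cn.prepareStatement(INSERT);
            // Bind each value to its placeholder; parameter indexes start at 1
            ps.setString(1, varA);
            ps.setInt(2, numB);
            ps.setDate(3, myDate);

            ps.executeUpdate();
        } finally {
            // Close quietly; either may still be null if an earlier call threw
            if (ps != null) { try { ps.close(); } catch (SQLException ex) { /* ignore */ } }
            if (cn != null) { try { cn.close(); } catch (SQLException ex) { /* ignore */ } }
        }
    }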
answered 2013-06-05T03:07:20.267
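Both answers applied to the question's statement, as an added example that is not part of either answer: the table name is backtick-quoted and all 24 values (num, the 20 buyamount elements, tot, tot2, tot2-tot) are bound as parameters. The class and method names are hypothetical, and the column order is assumed to match the question's VALUES list.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Collections;
import java.util.List;
import java.util.Vector;

public class OrderInsert {
    static final int ITEM_COLUMNS = 20; // buyamount.elementAt(0) .. elementAt(19) in the question

    // Builds INSERT INTO `order` VALUES(?,?,...,?) with 1 + 20 + 3 = 24 placeholders.
    // The backticks are required because ORDER is a MySQL reserved word.
    static String buildInsertSql() {
        String marks = String.join(",", Collections.nCopies(ITEM_COLUMNS + 4, "?"));
        return "INSERT INTO `order` VALUES(" + marks + ")";
    }

    // Binds every value as a parameter instead of concatenating it into the SQL text.
    static int insertOrder(Connection cn, String num, List<Integer> buyamount,
                           int tot, int tot2) throws SQLException {
        if (buyamount.size() != ITEM_COLUMNS) {
            throw new IllegalArgumentException(
                "expected " + ITEM_COLUMNS + " amounts, got " + buyamount.size());
        }
        // try-with-resources closes the statement even when executeUpdate() throws.
        try (PreparedStatement ps = cn.prepareStatement(buildInsertSql())) {
            int i = 1; // JDBC parameter indexes start at 1
            ps.setString(i++, num);
            for (int amount : buyamount) {
                ps.setInt(i++, amount);
            }
            ps.setInt(i++, tot);
            ps.setInt(i++, tot2);
            ps.setInt(i, tot2 - tot);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data; no database is needed to inspect the statement text.
        Vector<Integer> buyamount = new Vector<>(Collections.nCopies(ITEM_COLUMNS, 0));
        buyamount.set(0, 1);
        buyamount.set(5, 2);
        System.out.println(buildInsertSql());
        System.out.println("values to bind: " + (1 + buyamount.size() + 3));
    }
}
```

Because the SQL text is now a constant, the value of num can no longer change the statement's structure, which is the injection protection the second answer refers to.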