8

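Hello, I am trying to insert values into a MySQL table. I am trying this code. I have assigned values to variables and I want to pass those variables to the insert statement. Is this correct?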

    int tspent = 1;
    String pid = "trng";
    String tid = "2.3.4";
    String rid = "tup";
    String des = " polish my shoes!";

    INSERT INTO `time_entry`(pid,tid,rid,tspend,description) VALUE ('"+pid+"','"+tid+"','"+rid+"',"+tspent+",'"+des+"');

This is what I tried, but I am not able to insert the values

    try
    {
        conn = DBMgr.openConnection();
        String sqlQuery = "INSERT INTO `time_entry`(pid,tid,rid,tspend,description) VALUE ('"+pid+"','"+tid+"','"+rid+"',"+tspent+",'"+des+"');";
        st = conn.createStatement();
        rs = st.executeQuery(sqlQuery);
    }
4

4 Answers

19

You should use the executeUpdate() method whenever your query is a SQL Data Manipulation Language statement. Also, your current query is vulnerable to SQL Injection.

You should use PreparedStatement

    PreparedStatement pstmt = conn.prepareStatement("INSERT INTO `time_entry`(pid,tid,rid,tspend,description) VALUES (?, ?, ?, ?, ?)");

Then set the variables at those indexes:

    pstmt.setString(1, pid);
    // Similarly for the remaining 4

    // And then do an executeUpdate
    pstmt.executeUpdate();

answered 2013-06-20T06:58:28.687
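
The parameterized insert described in the answer above, written out in full as an added example (not code from the original post or its author). It assumes MySQL Connector/J is on the classpath and a reachable database containing the question's `time_entry` table; the class name, the helper names and the `TIME_DB_*` environment variables are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class TimeEntryInsert {
    // The SQL text is a constant and never contains caller data, so a quote
    // inside any value cannot change the structure of the statement.
    private static final String INSERT_SQL =
        "INSERT INTO `time_entry` (pid, tid, rid, tspend, description) VALUES (?, ?, ?, ?, ?)";

    static int insertTimeEntry(Connection conn, String pid, String tid, String rid,
                               int tspent, String des) throws SQLException {
        // try-with-resources closes the statement even if executeUpdate() throws.
        try (PreparedStatement pstmt = conn.prepareStatement(INSERT_SQL)) {
            pstmt.setString(1, pid);
            pstmt.setString(2, tid);
            pstmt.setString(3, rid);
            pstmt.setInt(4, tspent);
            pstmt.setString(5, des);
            // INSERT is DML: executeUpdate() returns the affected row count.
            return pstmt.executeUpdate();
        }
    }

    // The text the question's string concatenation would produce for the same
    // values. Built only so it can be inspected; it is never executed here.
    static String concatenatedSql(String pid, String tid, String rid, int tspent, String des) {
        return "INSERT INTO `time_entry`(pid,tid,rid,tspend,description) VALUE ('"
            + pid + "','" + tid + "','" + rid + "'," + tspent + ",'" + des + "')";
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample value: an ordinary apostrophe ends the quoted literal
        // early in the concatenated form, so the rest is parsed as SQL.
        String des = "polish the boss's shoes";
        System.out.println(concatenatedSql("trng", "2.3.4", "tup", 1, des));

        // Assumed environment variable names; the URL has the form jdbc:mysql://host:3306/dbname
        String url = System.getenv("TIME_DB_URL");
        try (Connection conn = DriverManager.getConnection(url,
                System.getenv("TIME_DB_USER"), System.getenv("TIME_DB_PASS"))) {
            int rows = insertTimeEntry(conn, "trng", "2.3.4", "tup", 1, des);
            System.out.println("rows inserted: " + rows);
        }
    }
}
```

Reading the connection settings from the environment also keeps the database password out of the source file.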
16

Try this,

    String driver="com.mysql.jdbc.Driver";
    String url="jdbc:mysql://localhost:3306/dbname";
    String uname="username";
    String pass="password";
    Class.forName(driver);
    Connection c=(Connection) DriverManager.getConnection(url,uname,pass);
    Statement s=c.createStatement();
    s.executeUpdate("INSERT INTO `time_entry`(pid,tid,rid,tspend,description) VALUE ('"+pid+"','"+tid+"','"+rid+"',"+tspent+",'"+des+"')");

answered 2013-06-20T07:03:09.167
8

Use PreparedStatement and set the values using its setXXX() methods.

    // The SQL string is split with + because a Java string literal cannot span lines
    PreparedStatement pstmt = con.prepareStatement("INSERT INTO `time_entry` "
            + "(pid,tid,rid,tspend,description) VALUE "
            + "(?,?,?,?,?)");
    pstmt.setString(1, pid);
    pstmt.setString(2, tid);
    pstmt.setString(3, rid);
    pstmt.setInt(4, tspent);
    pstmt.setString(5, des);
    pstmt.executeUpdate();

answered 2013-06-20T06:57:07.440
0

    import java.sql.*;

    class Adbs1 {
        public static void main(String args[]) {
            try {
                Class.forName("com.mysql.jdbc.Driver");
                Connection con = DriverManager.getConnection(
                        "jdbc:mysql://localhost:3306/rk", "root", "@dmin");
                // here rk is the database name, root is the username, followed by the password
                Statement stmt = con.createStatement();

                stmt.executeUpdate("insert into emp values('rk11','Irfan')");
                // stmt.executeUpdate("delete from  emp where eid ='rk4'");
                // stmt.executeUpdate("update emp set ename='sallu bhai' where eid='rk5'");

                ResultSet rs = stmt.executeQuery("select * from emp");
                while (rs.next())
                    System.out.println(rs.getString(1) + "  " + rs.getString(2));

                con.close();
            } catch (Exception e) {
                System.out.println(e);
            }
        }
    }

answered 2017-01-05T07:41:07.937