-3

我有一个有两个文本字段和一个保存按钮的框架,

第一个文本字段获取 id 和第二个获取名称,当我单击按钮时,此信息应保存在数据库中。

public class d4 extends JFrame implements ActionListener {

Connection con;
String dbName = "mydb";
String bdUser = "root";
String dbPassword = "2323";
String dbUrl = "jdbc:mysql://localhost/mydb";
JButton okButton;
JTextField tf1;
JTextField tf2;
String id;
String name;

public d4() {

    add(mypanel(), BorderLayout.PAGE_START);
    setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
    setSize(400, 500);
    setLocation(300, 30);
    setVisible(true);
}

public JPanel mypanel() {
    JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT));
    okButton = new JButton("Ok");
    okButton.addActionListener(this);
    tf1 = new JTextField(10);
    tf2 = new JTextField(10);
    panel.add(okButton);
    panel.add(tf1);
    panel.add(tf2);
    return panel;
}

public static void main(String[] args) {
    new d4();
}

@Override
public void actionPerformed(ActionEvent e) {
    if (e.getSource() == okButton) {
        id = tf1.getText();
        name = tf2.getText();
        try {
            con = DriverManager.getConnection(dbUrl, bdUser, dbPassword);
            System.out.println("Connected to database successfully!");

        } catch (SQLException ex) {
            System.out.println("Could not connect to database");
        }
        excuteQuery(id, name);
    }
}

public void excuteQuery(String ID, String NAME) {
    try {
        Statement st1 = con.createStatement();
        ResultSet result1 = st1.executeQuery("select mytable");
        st1.execute("insert into mytable values ( " + ID + "," + NAME + ")");


    } catch (SQLException ex) {
        System.out.println("execute time exception");
        ex.printStackTrace();
    }
}
}

输出:

在此处输入图像描述

 Connected to database successfully!
 execute time exception
 com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'mytable' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2618)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568)
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1557)
at JDBCtest.d4.excuteQuery(d4.java:86)
    ...
4

1 回答 1

3

  • 不要忘记引号

    st1.execute("insert into mytable values ( '" + ID + "', '" + NAME + "')");

  • 不要忘记关闭数据库连接

    excuteQuery(id, name);
con.close();

  • 我猜之前不需要执行选择

    // ResultSet result1 = st1.executeQuery("select mytable");

  • 而且,由于您接受来自用户的输入,因此您很容易受到 SQL 注入攻击。使用 aPreparedStatement.executeUpdate()代替:

    Statement ps = con.prepareStatement("INSERT INTO mytable VALUES (?, ?)");

ps.setString(1, ID);
ps.setString(2, NAME);

ps.executeUpdate();

    PreparedStatement 也会处理引号。

于 2013-06-24T15:52:34.350 回答