应该是这样的,如下所示。更好地列出列名,以便将来更改表并提高可读性。A(
在您的代码中迷路了。使用准备好的语句转义字符串并防止 SQL 注入。对于日期、整数等也是有益的。
java.sql.Date date = new java.sql.Date(SimpleDateFormat("dd/MM/yyyy").parse(d).getTime());
PreparedStatement stmt = db.conn.createPreparedStatement();
String sql = "INSERT INTO diag.current (COL1, COL2, COL3, COL4) VALUES(?, ?, ?, ?)";
PreparedStatement stmt = db.conn.createPreparedStatement();`
stmt.setString(1, col1);
stmt.setString(2, col2);
stmt.setDate(3, date);
stmt.setString(4, col4);
stmt.executeUpdate();
stmt.close();
我使用您的帮助编辑了我的程序,如下所示:
java.sql.Date date = new java.sql.Date(SimpleDateFormatter("dd/MM/yyyy").parse(d).getTime());
PreparedStatement stmt = db.conn.prepareStatement();
String sql = "INSERT INTO diag.current (name, patientID, address, sex, phone, vip, email, purpose, history, tests, doc, charges, status, dob, nextapp) " +
"VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
PreparedStatement stmt = db.conn.createPreparedStatement();
stmt.setString(1, name);
stmt.setString(2, id);
stmt.setString(3, add);
stmt.setString(4, sex);
stmt.setString(5, ph);
stmt.setString(6, vip);
stmt.setString(7, mail);
stmt.setString(8, pur);
stmt.setString(9, phis);
stmt.setString(10, tests);
stmt.setString(11, dc);
stmt.setInt(12, total);
stmt.setString(13, status);
stmt.setDate(14, date);
stmt.setDate(15, date);
stmt.executeUpdate();
stmt.close();
问:但是不支持,我应该使用哪个导入SimpleDateFormatter
?createPreparedStatement
A:错别字,应该是
java.text.SimpleDateFormat
con.prepareStatement