-1

我试图通过将我的表中的值与我从 ID 号中捕获的关于用户的变量进行比较,将一个值从我的数据库中的另一个表中插入到一个表中。

我收到以下错误: 

java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Missing semicolon (;) at end of SQL statement.

这是我用来尝试上述的代码:

    Statement stmt1 = con.createStatement();

    String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= " + details.getAge() + "AND Group_MaxAge >= " + details.getAge() + "AND Group_Gender = 'details.getGender()'";
    stmt1.executeUpdate(mySqlStatement1);
4

1 回答 1

3

暂时将有关 SQL 注入攻击的标准警告放在一边,您的语句的问题是您错误地放置了引号并且在您的 s 之前没有空格AND

String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= "
 +   details.getAge()
 +   " AND Group_MaxAge >= " // Add space
 +   details.getAge()
 +   " AND Group_Gender = '" // Add space
 +   details.getGender()     // This part was enclosed in double-quotes
 +   "';";                   // Add semicolon at the end

为了防止注入攻击,您应该参数化您的查询,并将值绑定到准备好的语句的参数:

String mySqlStatement1 = "INSERT INTO Entrant_Group VALUES (Group_Description) WHERE Group_MinAge <= ? AND Group_MaxAge >= ? AND Group_Gender = ?;";
于 2013-08-04T11:13:29.777 回答