3

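I want to use a database in my project, so I used this code for testing (from the tutorialspoint JDBC tutorial) and changed it for my code and database, and then I got this error: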

Creating statement...

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM test SET name=eee WHERE id=1' at line 1
Error: unable to connect to SQL!
java.sql.SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM test SET name=eee WHERE id=1' at line 1
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2975)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1600)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1695)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:3020)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2949)
    at com.mysql.jdbc.Statement.execute(Statement.java:538)
    at Test.main(Test.java:49)

My code:

import java.sql.*;
import java.math.*;


public class Test {
    final static String DB_URL = "jdbc:mysql://localhost/testdb";
    final static String USER = "root";
    final static String PASS = "";

    final static String JDBC_DRIVER="com.mysql.jdbc.Driver";

    public static void main(String[] args) {
        Connection conn = null;
        Statement stmt = null;
        try {
            Class.forName("com.mysql.jdbc.Driver").newInstance();
            conn = DriverManager.getConnection(DB_URL,USER,PASS);
            System.out.println("Creating statement...");
            stmt = conn.createStatement();
            String sql = "UPDATE name FROM test SET name=eee WHERE id=1";


            Boolean ret = stmt.execute(sql);
            System.out.println("Return value is : " + ret.toString() );


            int rows = stmt.executeUpdate(sql);
            System.out.println("Rows impacted : " + rows );

            sql = "SELECT id,name FROM test";
            ResultSet rs = stmt.executeQuery(sql);

            while(rs.next()){
                int id  = rs.getInt("id");
                String name = rs.getString("name");

                System.out.print("ID: " + id);
                System.out.print(", name: " + name);
            }
            rs.close();
            stmt.close();
            conn.close();
        }
        catch(ClassNotFoundException ex) {
            ex.printStackTrace();
            System.out.println("\n" + ex.getMessage());
            System.out.println("Error: unable to load driver class!");

            System.exit(1);
        }
        catch(IllegalAccessException ex) {
            ex.printStackTrace();
            System.out.println("\n" + ex.getMessage());
            System.out.println("Error: access problem while loading!");
            System.exit(2);
        }
        catch(InstantiationException ex) {
            ex.printStackTrace();
            System.out.println("\n" + ex.getMessage());
            System.out.println("Error: unable to instantiate driver!");
            System.exit(3);
        }
        catch (SQLException ex) {
            // TODO Auto-generated catch block
            ex.printStackTrace();
            System.out.println("\n" + ex.getMessage());
            System.out.println("Error: unable to connect to SQL!");
            System.exit(4);
        }
    }
}

My database is: picture of my database

I saw this page, but it didn't help me!

4

5 Answers

3

First, your statement is not a valid update statement. It follows this convention:

update <tableName> set <column> = '<newValue>';

This is the simplest update statement. It will update all rows. Then you can add a where clause to select rows. Have a look at this.

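Second, you are adding the value for the column directly, without wrapping it in single quotes (values must be wrapped, otherwise it won't work). To fix it, you need to add single quotes, for example: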

set name = 'value';

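Sure, this works, but I don't like this approach. It is very dangerous and unsafe. I recommend you use parameterized statements, which are safer (watch out for SQL injection) and more readable.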

A simple example of PreparedStatement usage:

String sql = "UPDATE test SET name = ? WHERE id = ?";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString(1, <nameValue>); // binding value for name column
ps.setInt(2, <idValue>); // binding value for where clause
ps.executeUpdate(); // executes statement

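I want to mention a few main advantages of PreparedStatements:

  • They are precompiled; database-side caching of the SQL statement leads to overall faster execution and the ability to reuse the same SQL statement in batches.
  • Automatic prevention of SQL injection attacks by built-in escaping of quotes and other special characters.
  • Eases the setting of non-standard Java objects in SQL (Date, Time, Timestamp, BigDecimal, Blob, etc.)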
answered 2013-08-10T15:17:44.400
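
The quoted-string update and the parameterized update described in the answer above, side by side, as an added example that is not part of the original answer. It assumes the question's `testdb` database with its `test(id, name)` table and MySQL Connector/J on the classpath; the class name `SafeUpdate`, its helper methods and the sample value are hypothetical.

```java
import java.sql.*;

public class SafeUpdate {
    // Connection settings copied from the question; table test(id, name) is assumed to exist.
    static final String DB_URL = "jdbc:mysql://localhost/testdb";
    static final String USER = "root";
    static final String PASS = "";

    // Unsafe: the value becomes part of the SQL text, so a quote in it changes the statement.
    static int updateByConcatenation(Connection conn, int id, String name) throws SQLException {
        String sql = "UPDATE test SET name='" + name + "' WHERE id=" + id;
        try (Statement stmt = conn.createStatement()) {
            return stmt.executeUpdate(sql);
        }
    }

    // Safe: the SQL text is fixed and the values are bound as data.
    static int updateWithParameters(Connection conn, int id, String name) throws SQLException {
        String sql = "UPDATE test SET name = ? WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setInt(2, id);
            return ps.executeUpdate();
        }
    }

    // Reads the value back so the stored text can be compared with the input.
    static String readName(Connection conn, int id) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT name FROM test WHERE id = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("name") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "O'Brien"; // constructed sample value containing a single quote
        try (Connection conn = DriverManager.getConnection(DB_URL, USER, PASS)) {
            try {
                updateByConcatenation(conn, 1, name);
            } catch (SQLException ex) {
                // The quote ends the string literal early, so the server rejects the statement.
                System.out.println("Concatenated update failed: " + ex.getMessage());
            }
            int rows = updateWithParameters(conn, 1, name);
            System.out.println("Rows updated: " + rows + ", stored name: " + readName(conn, 1));
        }
    }
}
```

The try-with-resources blocks close the statement and connection even when the update throws, which the `close()` calls at the end of the question's `try` block do not.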
2

This query is incorrect

String sql = "UPDATE name FROM test SET name=eee WHERE id=1";

Modify it to

String sql = "UPDATE test SET name='eee' WHERE id=1";

answered 2013-08-10T15:11:43.440
0

Change String sql = "UPDATE name FROM test SET name=eee WHERE id=1"; to

 String sql = "UPDATE test SET name='eee' WHERE id=1";
answered 2013-08-10T15:10:50.730
0

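Another good option for building a query is to use a "prepared statement" - have a look at the Oracle tutorial - link

It helps to avoid the quoting problem in your case and provides greater orderliness. As I remember, it provides some preparation that helps execute queries faster.

answered 2013-08-10T15:17:07.840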
-1

Instead of:

 String sql = "UPDATE name FROM test SET name=eee WHERE id=1";

 String sql = "UPDATE name FROM test SET name='eee' WHERE id=1";
answered 2013-08-10T15:11:53.303