0

我对这些代码行感到困惑和沮丧:

 String updateSQL="UPDATE " + tableName + " set " + secondColumn + "='"+ value2 + "',"+ thirdColumn + "='"+ value3 +"'" + "," + fourthColumn +"='"+ value4 +"'" + "where " + firstColumn + " = "+ checkvalue ;

我让这个查询完美地工作!虽然我有另一个运行不完美但风格相同的查询:

  String updateSQL="UPDATE " + tableName + " set "  + secondColumn + "='"+ value2 +"'" + ","+ thirdColumn + "='"+ value3 +"'" + "," + fourthColumn +"='"+ value4 +"'" + "," + fifthColumn +"='"+ value5 +"'" + "where " + firstColumn + " = "+ checkvalue ;

在尝试更新时运行这行代码时,我收到错误消息“Where 子句中 'PNO3' 中的未知列”

虽然我知道我在第一列中有 PNO3,但在对第一个 Query 执行相同操作时,它会找到它吗?有什么帮助吗?

我使用此 switch 语句来确保列指向正确的列。

  switch (tableName) {            
             case "s":  
                 firstColumn = "ID";
              secondColumn = "Namn";
              thirdColumn = "Efternamn";
              fourthColumn = "Adress";
                 break;
             case "p":
                  firstColumn = "PNO";
              secondColumn = "PNAME";
              thirdColumn = "COLOR";
              fourthColumn = "WEIGHT";
              fifthColumn = "CITY";
                 break;
             case "j":
                   firstColumn = "JNO";
              secondColumn = "JNAME";
              thirdColumn = "CITY";           
                 break;
             case "spj":
                  firstColumn = "SNO";
              secondColumn = "PNO";
              thirdColumn = "JNO";
              fourthColumn = "QTY";
                 break;

         }
4

2 回答 2

1

您的第二个查询缺少单引号,checkvalue否则它将被视为列名而不是值(假设firstColumn是 varchar)。应该:

String updateSQL="UPDATE " + tableName + " set "  + secondColumn + "='"+ value2 +"'" + ","+ thirdColumn + "='"+ value3 +"'" + "," + fourthColumn +"='"+ value4 +"'" + "," + fifthColumn +"='"+ value5 +"'" + "where " + firstColumn + " = '"+ checkvalue + "'";

注意:您应该真正使用 PreparedStatement 而不是字符串连接。这不仅是可读性问题,而且是安全问题 - 您的代码容易受到 SQL 注入的影响

于 2013-11-06T20:18:17.043 回答
0

无法说出确切的问题,但我猜 * firstColumn 是 Varchar(),如果是,则将单引号添加到状态值。或 * 您将错误的列名传递给您的表。

如果您发布了错误,它将非常有帮助。

建议:一定要使用参数化语法,因为它们比你的更容易阅读。

于 2013-11-06T20:02:13.350 回答