-3

I am trying to insert my data into a database table named newdevice. My query is:

String query = uni + "," + nam + "," + temp + "," + vendor + "," + invoice + "," + dop + "," + cost;
res = stm.executeQuery("INSERT INTO newdevice " + "(uniqueid , device , device_status , vendor_name , invoice , dop , cost)" + " VALUES(" + query + ")");

But when I do this, I get this error:

org.firebirdsql.jdbc.FBSQLException: GDS Exception. 335544569. Dynamic SQL Error SQL error code = -104 Token unknown - line 1, column 106

It reports the error at the comma (,).


2 Answers

2

The problem is that you are probably missing the quotes around string values etc., but you shouldn't be concatenating values like that at all. It leaves you open to SQL injection. Instead, you should use a PreparedStatement with parameters, like this:

try (PreparedStatement pstmt = connection.prepareStatement(
        "INSERT INTO newdevice (uniqueid, device, device_status, vendor_name, invoice, dop, cost) VALUES(?, ?, ?, ?, ?, ?, ?)")) {
    pstmt.setInt(1, uni);
    pstmt.setString(2, nam);
    pstmt.setInt(3, temp);
    pstmt.setString(4, vendor);
    pstmt.setInt(5, invoice);
    pstmt.setInt(6, dop);
    pstmt.setBigDecimal(7, cost);
    pstmt.executeUpdate();
}

Note that I guessed the types for the setXXX calls.

Answered 2017-02-19T17:23:34.283
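To make the point of this answer reproducible offline, here is an added example (not from the question or the answer) that rebuilds the same newdevice INSERT in Python against an in-memory SQLite table, which uses the same ? placeholder convention as JDBC. It shows that the unquoted concatenation fails to parse, that naive quoting only moves the failure to a value containing an apostrophe, and that bound parameters store both values unchanged. The table definition and sample rows are constructed for the demo.

```python
import sqlite3

COLUMNS = "(uniqueid, device, device_status, vendor_name, invoice, dop, cost)"


def fresh_db():
    # Constructed in-memory stand-in for the Firebird table in the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE newdevice (uniqueid INTEGER, device TEXT, device_status INTEGER,"
                 " vendor_name TEXT, invoice INTEGER, dop TEXT, cost REAL)")
    return conn


def insert_concatenated(conn, values, quote_strings=False):
    """The question's approach: values glued into the SQL text with commas.
    quote_strings=True also wraps str values in single quotes, the 'fix' a
    reader might try first; it does not escape an embedded quote."""
    parts = []
    for v in values:
        if isinstance(v, str) and quote_strings:
            parts.append("'" + v + "'")
        else:
            parts.append(str(v))
    conn.execute(f"INSERT INTO newdevice {COLUMNS} VALUES({','.join(parts)})")


def insert_parameterized(conn, values):
    """The answer's approach: ? placeholders. The driver sends the values
    separately from the SQL text, so commas or quotes in them are just data."""
    sql = f"INSERT INTO newdevice {COLUMNS} VALUES(?, ?, ?, ?, ?, ?, ?)"
    return conn.execute(sql, values).rowcount


def try_insert(conn, fn, *args):
    """Returns None on success, or the database's error message on failure."""
    try:
        fn(conn, *args)
        return None
    except sqlite3.Error as e:
        return str(e)


def demo():
    comma_row = (1, "Laptop", 1, "Dell, Inc", 4711, "2017-02-19", 899.99)
    quote_row = (2, "Laptop", 1, "O'Brien", 4712, "2017-02-19", 1250.0)
    conn = fresh_db()
    results = {
        "unquoted_concat": try_insert(conn, insert_concatenated, comma_row),
        "quoted_concat_comma": try_insert(conn, insert_concatenated, comma_row, True),
        "quoted_concat_apostrophe": try_insert(conn, insert_concatenated, quote_row, True),
        "parameterized_comma": try_insert(conn, insert_parameterized, comma_row),
        "parameterized_apostrophe": try_insert(conn, insert_parameterized, quote_row),
    }
    stored = conn.execute("SELECT vendor_name FROM newdevice ORDER BY uniqueid").fetchall()
    return results, [r[0] for r in stored]
```

Only the quoted concatenation of the comma row and the two parameterized inserts succeed; the parser errors in the other two cases are the SQLite counterpart of the Firebird "Token unknown" error in the question.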
0

There is a problem with the quotes. I guess this part, (uniqueid , device , device_status , vendor_name , invoice , dop , cost), should not be in double quotes. Can you try removing those double quotes?

Answered 2017-02-19T15:50:39.127