0

好的,那么我的 SQL*Plus 语句有什么问题?据我所知,一切都应该正常工作?

   //get parameters from the request
 String custID=request.getParameter("cust_ID");
 String saleID=request.getParameter("sale_ID");
 String firstName=request.getParameter("first_Name");
 String mInitial=request.getParameter("mI");
 String lastName=request.getParameter("last_Name");
 String streetName=request.getParameter("street");
 String city=request.getParameter("city");
 String state=request.getParameter("state");
 String zipCode=request.getParameter("zip_Code");
 String DOB=request.getParameter("DOB");
 String agentID=request.getParameter("agent_ID");
 String homePhone=request.getParameter("home_Phone");
 String cellPhone=request.getParameter("cell_Phone");
 String profession=request.getParameter("profession");
 String employer=request.getParameter("emoployer");
 String referrer=request.getParameter("referrer");

 stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

SQL DDL

   CREATE TABLE customer
       (cust_ID     NUMBER          NOT NULL,
        sale_ID             NUMBER          NOT NULL,
        first_Name      VARCHAR2(30)        NOT NULL,
        mI          VARCHAR2(2)         ,
        last_Name       VARCHAR2(50)        NOT NULL,
        street_Name     VARCHAR2(50)        NOT NULL,
        city            VARCHAR2(30)        NOT NULL,
        state           VARCHAR2(2)     NOT NULL,
        zip_Code        VARCHAR2(5)     NOT NULL,
        DOB         DATE            ,
        agent_ID        NUMBER              ,
        home_Phone      VARCHAR2(12)        UNIQUE,         
        cell_Phone      VARCHAR2(12)        UNIQUE,
        profession      VARCHAR2(30)            ,
        employer        VARCHAR2(30)            ,
        referrer        VARCHAR2(30)            
     );

SQL DML

INSERT INTO customer 
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);

INSERT INTO customer 
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);

SELECT * FROM customer;
4

1 回答 1

5

您没有插入变量的值。您正在插入变量名称。

代替

stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

经过

preparedStatement = connection.prepareStatement("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
preparedStatement.setLong(1, Long.valueOf(custID));
preparedStatement.setLong(2, Long.valueOf(saleID));
preparedStatement.setString(3, firstName);
// ...
preparedStatement.executeUpdate();

请注意,您不应使用字符串连接+将变量粘合到 SQL 字符串中。它对SQL 注入攻击完全开放。PreparedStatement一路使用。

于 2011-04-17T02:26:26.990 回答