0

我得到以下异常,

java.sql.SQLSyntaxErrorException: Syntax error: Encountered "80" at line 1, column 1100.

当我尝试像下面这样插入时!知道这可能意味着什么吗??!

String insertString = "insert into queries (data_id, query, "
                + "query_name, query_file_name, status) values(" + currentDataID + ", '"
                + params[1] + "', '" + params[2] + "', '" 
                + params[3] + "', '" + params[4] + "')";
try {
     Statement stmt = dbconn.createStatement();
     stmt.execute(insertString, Statement.RETURN_GENERATED_KEYS);
     ResultSet rs = stmt.getGeneratedKeys(); 

     if (rs != null && rs.next()){     
           currentDataID = (int) rs.getLong(1); 
     } 
} catch (SQLException ex) {
}

表定义,

CREATE TABLE queries (query_id INT not null primary key GENERATED "
                + "ALWAYS AS IDENTITY (START WITH 1, INCREMENT BY 1), data_id "
                + "INTEGER not null, foreign key (data_id) references data "
                + "(data_id), query LONG VARCHAR, query_name VARCHAR(150), "
                + "query_file_name VARCHAR(150),status VARCHAR(20))
4

2 回答 2

5

使用准备好的语句尝试这种方法:

String insert = "INSERT INTO queries (data_id, query, query_name," +
        " query_file_name, status) VALUES (?,?,?,?,?)";

PreparedStatement stmt = dbconn.prepareStatement(insert, Statement.RETURN_GENERATED_KEYS);
// Why do you set this if you want the DB to generate it?
stmt.setInt(1, currentDataID); // or setLong() depending on data type
stmt.setString(2, params[1]); // I assume params is a String[]
stmt.setString(3, params[2]);
stmt.setString(4, params[3]);
stmt.setString(5, params[4]);
stmt.execute();

ResultSet rs = stmt.getGeneratedKeys();
if (rs.next()) {
    // if it's an int, avoid the cast and use rs.getInt(1) instead
    currentDataID = (int) rs.getLong(1);
}

我不明白你为什么设置,data_id而后面的代码期望数据库生成它......你的表定义会有所帮助。

于 2011-10-29T14:17:00.363 回答
4

这可能是因为您的params[]其中一个包含引号字符。

这个问题正是你不应该创建这样的 SQL 表达式,而应该使用PreparedStatement. 请阅读SQL 注入

于 2011-10-29T14:08:13.017 回答