我正在尝试使用用户输入从属性歌曲中删除一个元组,但我收到一条错误消息
java.sql.SQLSyntaxErrorException:“where 子句”中的未知列“Paragould”
下面是我的代码
public static void removeSong(){
Faker faker=new Faker();
Statement stmt=null;
Connection conn=null;
Scanner in=new Scanner(System.in);
System.out.println("Which song would you like to remove?");
String songName=in.next();
String removeSongStmt="DELETE FROM allSavedSongs WHERE song="+songName+" AND userID="+currentUserID;
try {
conn=DriverManager.getConnection(DB_URL,USER,PASS);
PreparedStatement preparedStmt=conn.prepareStatement(removeSongStmt);
preparedStmt.execute();
} catch (SQLException e) {
e.printStackTrace();
}
}
最佳答案
字符串必须用引号引起来,如下所示:
String removeSongStmt="DELETE FROM allSavedSongs WHERE song='"+songName+"' AND userID='"+currentUserID+"';";
编辑:这种解析非常不安全,因为字符串可能包含任何类型的垃圾。它们还可能包含 SQL 命令,这些命令会执行并对您造成很大伤害。您应该使用准备好的语句的强大功能,如下所示:
conn=DriverManager.getConnection(DB_URL,USER,PASS);
PreparedStatement preparedStmt=conn.prepareStatement("DELETE FROM allSavedSongs WHERE song=? AND userID=?");
preparedStmt.setString(songname);
preparedStmt.setString(currentUserID);
preparedStmt.execute();
关于java - 尝试使用准备好的语句删除元组,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56093841/