我被下面的代码卡住了,我不明白为什么会出现异常。
当我将它放入 phpMyAdmin 的 SQL 字段时,该字符串运行良好。
我收到了一张表,如我所料,即带有 1 个值的表 cid,playerID。
我还在变体中使用了这段代码,我说 "WHERE playerID = "+playerID 并且有效....
当我通过 eclipse 运行它时,为什么它不起作用,我真的很兴奋。
是的,我确实在这里搜索过,发现了很多类似的 MySQLSyntaxErrorException 线程,但没有一个让我找到解决方案
public int getUserIDfromDBcoolpag(String inputUsername){
System.out.println("getUserIDfromDBcoolpag called");
int playerID = 0;
try {
SQLConnection.getInstance().init(DATABASE_HOST, DATABASE_PORT, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD);
Connection connection = SQLConnection.getInstance().getConnection();
try
{
String getPlayerID = "SELECT coolpag.player.id as cid FROM coolpag.player WHERE username=" +inputUsername;
PreparedStatement statement = connection.prepareStatement(getPlayerID);
try
{
ResultSet res = statement.executeQuery();
try
{
while (res.next())
{
playerID = res.getInt("cid");
}
// System.out.println("LOG: output operation finished");
}
finally
{
res.close();
}
}
finally
{
statement.close();
}
}
finally
{
}
boolean isAlive = SQLConnection.getInstance().getConnection().isClosed();
if(isAlive){
System.out.println("Connection is not yet closed");
}
} catch (NullPointerException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}
return playerID;
}
最佳答案
代替
String getPlayerID = "SELECT coolpag.player.id as cid FROM coolpag.player WHERE username=" +inputUsername;//inputUsername must be quoted
PreparedStatement statement = connection.prepareStatement(getPlayerID);
使用
String getPlayerID = "SELECT coolpag.player.id as cid FROM coolpag.player WHERE username=?";
PreparedStatement statement = connection.prepareStatement(getPlayerID);
statement.setString(inputUsername);//to avoid sql injection
关于Java/SQL : MySQLSyntaxErrorException: Unknown column 'username' in 'where clause' ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31748213/