我正在尝试删除包含由我指定值的字段的记录:
public static void delete(String firstName, String lastName, int age)
{
try
{
Statement myStmt = connection.createStatement();
String sql = "delete from students where firstName='" + firstName + "', lastName='" + lastName + "', age='" + age + "'";
myStmt.executeUpdate(sql);
}
catch (SQLException e)
{e.printStackTrace();}
}
代码无效。我绝对确定问题出在它身上。请帮我做正确的sql。如何在表中找到由我指定的字段值的记录?
这是我遇到的一个错误:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where firstName='deleted', lastName='deleted', age='10'' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.Util.getInstance(Util.java:408)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2486)
at com.mysql.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1552)
at com.mysql.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2607)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1480)
at Driver.delete(Driver.java:76)
at Driver.main(Driver.java:18)
最佳答案
为了避免所有这些语法错误甚至 SQL 注入(inject),您必须使用 PreparedStatement,因此您可以使用:
String query = "delete from students where firstName=? and lastName=? and age=?";
try (PreparedStatement delete = connection.prepareStatement(query)) {
delete.setString(1, firstName);
delete.setString(2, lastName);
delete.setInt(3, age);//<-----------(1)
delete.executeUpdate();
}
- (1) 我不确定年龄是 int 还是 varchar,所以如果年龄是字符串,则必须改用 setString。
你真正的问题是你必须在 where
中使用 and
, or
而不是 ,
where firstName='" + firstName + "', lastName='" + lastName + "', age='" + age + "'";
//----------------------------------^----------------------------^
关于java - 删除字段具有指定值的记录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44590887/