我正在尝试将一些数据添加到我的数据库中,但出现错误:com.mysql.jdbc.exceptions.MySQLSyntaxErrorException。
代码如下:
Main.java中的AddToDatabase方法
public static void addToDatabaze(String name ,String address, String city, String phone, String email, String dateOfBirth, String age, String martialStatus, String gender, String id, String mainDepartment, String department, String training) throws ClassNotFoundException, SQLException
{
//Databaza
Class.forName("com.mysql.jdbc.Driver");
String url="jdbc:mysql://***.*.*.*:****/employ";
String uname="*****";
String pass="***********";
connect = DriverManager.getConnection(url,uname,pass);
Statement statement;
String query = "INSERT INTO employeetable (name,address,city,phone,email,dateofbirth,age,martialstatus,gender,id,maindepartment,department,training)values(" + name + "," + address + "," + city + "," + phone + "," + email + "," + dateOfBirth + "," + age + "," + martialStatus + "," + gender + "," + id + "," + mainDepartment + "," + department + "," + training + ")";
statement = connect.createStatement();
statement.execute(query);
}
AddNewEmployeeController.java
private Main main;
@FXML
private TextField nameField;
@FXML
private TextField addressField;
@FXML
private TextField cityField;
@FXML
private TextField phoneField;
@FXML
private TextField emailField;
@FXML
private DatePicker dateOfBirth;
@FXML
private TextField ageField;
@FXML
private ChoiceBox martialStatusBox;
@FXML
private RadioButton maleButton;
@FXML
private RadioButton femaleButton;
@FXML
private TextField idField;
@FXML
private ComboBox mainDepartmentBox;
@FXML
private ComboBox departmentBox;
@FXML
private CheckBox yesBox;
@FXML
private CheckBox noBox;
@FXML
private void addButton() throws ClassNotFoundException, SQLException
{
if(yesBox.isSelected())
{
main.addToDatabaze(nameField.getText(),addressField.getText(),cityField.getText(),phoneField.getText(),emailField.getText(),dateOfBirth.getValue().toString(),ageField.getText(),martialStatusBox.getSelectionModel().getSelectedItem().toString(),"Male",idField.getText(),mainDepartmentBox.getSelectionModel().getSelectedItem().toString(),departmentBox.getSelectionModel().getSelectedItem().toString(),"Yes");
closeBtn();
}
}
输出:
Caused by: com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Years,Single,Male,1404996,Electrical,Design,Yes)' at line 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2985)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1631)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1723)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3277)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3206)
at com.mysql.jdbc.Statement.execute(Statement.java:727)
at employee.Main.addToDatabaze(Main.java:58)
at employee.view.AddNewEmployeeController.addButton(AddNewEmployeeController.java:164)
... 118 more
附注Main:java:58 是这一行:
statement.execute(query);
AddNewEmployeeController.java:164 是这一行:
main.addToDatabaze(nameField.getText(),addressField.getText(),cityField.getText(),phoneField.getText(),emailField.getText(),dateOfBirth.getValue().toString(),ageField.getText(),martialStatusBox.getSelectionModel().getSelectedItem().toString(),"Male",idField.getText(),mainDepartmentBox.getSelectionModel().getSelectedItem().toString(),departmentBox.getSelectionModel().getSelectedItem().toString(),"Yes");
年,单例,男,1404996,机电,设计,是的是: 当我尝试将数据添加到:TextField ageField、ChoiceBox martialStatusBox、“Male”、idField、ComboBox mainDepartmentBox、ComboBox departmentBox、“Yes”时。
最佳答案
您需要使用 prepared statements :
try (PreparedStatement statement = connection.prepareStatement(
"INSERT INTO employeetable (name,address,city,phone,email,dateofbirth,age,martialstatus,gender,id,maindepartment,department,training)" +
" values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
statement.setString(1, name);
statement.setString(2, address);
// ... etc for the other fields
statement.executeUpdate();
}
原始代码的问题在于您忘记在字符串值周围添加引号。天真的解决方案是使用
"...('" + name + "','" + address + "'..."
然而这仍然很糟糕,因为猜猜如果 name
的值为 O'Reilly
会发生什么。这称为 SQL 注入(inject),它是最大的安全问题之一,即使使用如上所示的准备好的语句也可以轻松避免它。
关于java - 异常 com.mysql.jdbc.exceptions.MySQLSyntaxErrorException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40406495/