首先我想为这个标题道歉,但是当我解释时你就会明白为什么我不知道该怎么说。无论如何,我正在编写一个聊天程序,当我给出“更新”命令时,我会用我想要更新的字段的名称来跟踪它,然后给出我的新值。我的问题是,它让我遇到了有关错误列的异常,但我确信经过多次检查后,我给出的字段名称与 SQL 中的字段名称相同。我将 MySQL 与 phpMyAdmin 一起使用。这是我的代码部分:
客户:
if (mymessage.equals("UPDATE")) {
String[] arr = input.nextLine().split(" ");
message = id + "-=-" + arr[0].trim() + "-=-" + arr[1].trim();
message2 = encrypt(message, serverAesKey);
write.println(message2);
write.flush();
}
服务器:
if (msg[2].trim().equals("UPDATE")) {
System.out.println("waiting...");
message = read.nextLine();
command = Mediator.decrypt(message, Mediator.getServerAesKey());
System.out.println(command);
msg = command.split("-=-");
int id = Integer.parseInt(msg[0].trim());
String field = msg[1].trim();
String update = msg[2].trim();
System.out.println("....."+id+"-"+field+"-"+update);
Mediator.updateDB(id, field, update); >>this simply runs the method below
public void updateInfo(int id, String field, String update) {
Connection connection;
try {
Class.forName("com.mysql.jdbc.Driver");
connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/chat", "root", "");
switch (field) {
case "name":
String SQLname = "UPDATE info SET name = " + update + " WHERE id = " + id + "";
PreparedStatement pstmtName = connection.prepareStatement(SQLname);
pstmtName.executeUpdate();
break;
case "password":
String SQLpassword = "UPDATE info SET password = " + update + " WHERE id = " + id + "";
PreparedStatement pstmtPwd = connection.prepareStatement(SQLpassword);
pstmtPwd.executeUpdate();
break;
}
} catch (ClassNotFoundException | SQLException e) {
e.printStackTrace();
}
}
这是我得到的异常(exception):
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'nick' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2624)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2127)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2427)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2345)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2330)
at test.Database.updateInfo(Database.java:122)
at test.Mediator.updateDB(Mediator.java:100)
at test.ServerService.executeService(ServerService.java:108)
at test.ServerService.run(ServerService.java:73)
at java.lang.Thread.run(Thread.java:722)
这是我的输出,您可以看到我的消息已正确拆分:
4-=-admin-=-UPDATE
waiting...
4-=-name-=-nick
.....4-name-nick
这是我的数据库:
id|username|password|name|login
3 |user |user |user|0
4 |admin |admin |admin|0
(我会放一张图片,但我缺乏声誉,但这正是它的写法。)
您可以忽略有关中介器和加密/解密的任何内容,它们工作得很好。我想知道的是,当我给出正确的字段时,为什么会出现异常。
最佳答案
基本上,列name是某种文本数据类型(varchar等...),所以而不是...
String SQLname = "UPDATE info SET name = " + update + " WHERE id = " + id + "";
PreparedStatement pstmtName = connection.prepareStatement(SQLname);
pstmtName.executeUpdate();
问题是,UPDATE info SET name = "+ update + "WHERE id = "+ id + " 看起来像 UPDATE info SET name = nick WHERE id = 0 code> 到数据库...nick 对数据库意味着什么?我想象的不多。
您应该将值绑定(bind)到 PreparedStatement
String SQLname = "UPDATE info SET name = ? WHERE id = ?";
PreparedStatement pstmtName = connection.prepareStatement(SQLname);
pstmtName.setString(1, update);
pstmtName.setInt(2, id);
pstmtName.executeUpdate();
这将为您省去很多数据转换方面的麻烦(因为驱动程序可以处理很多事情)以及可能来自恶意用户的 SQL 注入(inject)
关于java - 无法在 SQL 中更新给定字段,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23072419/