我有以下方法将人员存入数据库,稍后用于创建人员对象:
public static void addPerson(String personCode, String firstName, String lastName,
String phoneNo, String street, String city, String state,
String zip, String country) {
Connection conn = database.com.airamerica.interfaces.DatabaseConnect.getConnection();
PreparedStatement ps;
ResultSet rs;
String addAddressQuery = "INSERT INTO `Addresses` (`street`,`city`,`state`,`zip`,`country`) VALUES (?,?,?,?,?)";
String checkAddress = "SELECT `address_ID` FROM `Addresses` WHERE street = ? AND city = ? AND state = ? AND zip = ? AND country = ?";
String addPersonQuery = "INSERT INTO `Persons` (`personCode`,`firstName`,`lastName`,`address_ID`,`phoneNumber`) VALUES (?,?,?,(SELECT `address_ID` FROM `Addresses` WHERE street = ? AND city = ? AND state = ? AND zip = ? AND country = ?),?)";
try
{
ps = conn.prepareStatement(checkAddress);
ps.setString(1, street);
ps.setString(2, city);
ps.setString(3, state);
ps.setString(4, zip);
ps.setString(5, country);
rs = ps.executeQuery();
if(!(rs.next())){
ps = conn.prepareStatement(addAddressQuery);
ps.setString(1, street);
ps.setString(2, city);
ps.setString(3, state);
ps.setString(4, zip);
ps.setString(5, country);
ps.executeUpdate();
ps.close();
}
ps.close();
rs.close();
ps = conn.prepareStatement(addPersonQuery);
ps.setString(1, personCode);
ps.setString(2, firstName);
ps.setString(3, lastName);
ps.setString(4, street);
ps.setString(5, city);
ps.setString(6, state);
ps.setString(7, zip);
ps.setString(8, country);
ps.setString(9, phoneNo);
ps.executeUpdate();
ps.close();
conn.close();
}
catch (SQLException e)
{
System.out.println("SQLException: ");
e.printStackTrace();
throw new RuntimeException(e);
}
}
问题是,当我们插入像 Miles O'Brien
这样的名字时,它会被插入为 Miles O'Brien
我试图使用一种方法来替换单引号来逃避(撇号)其中两个('')用于转义。该方法只是导致数据以 Miles O''Brien
的形式插入。我们该如何解决这个问题?问题出在 ps.setString(3, lastName);
我们如何将姓氏存入数据库而不将其作为 '
写入?
以防万一您需要它,引擎是 InnoDB,我们使用默认的 UTF8 作为排序规则。
正如您所看到的,姓氏也传递给了该方法。
最佳答案
GIGO
单步调试器和放置良好的断点或以下内容将告诉您这与 JDBC 根本无关。
单步调试器是检查正在运行的代码的首选方法!
public static void addPerson(final String personCode, final String firstName, final String lastName,
final String phoneNo, final String street, final String city, final String state,
final String zip, final String country) {
System.out.println(String.format("Last Name = %s",lastName));
// the rest of your code
}
关于Java JDBC 准备语句不插入单引号(SQL 转义),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33638947/