java SQL INSERT 系统日期到表中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3226390/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SQL INSERT system date into table
提问by lakshmi
I have created a table called "myTable" with a column called CURRENT_DATE and it's data type is "DATE". When I programatically update my table, I also want to place a timestamp or system date in the CURRENT_DATE field. A portion of what I am doing is shown below, but it is not working. I would think this would be easy, but... Can you help?
我创建了一个名为“myTable”的表,其中有一列名为 CURRENT_DATE,它的数据类型是“DATE”。当我以编程方式更新我的表时,我还想在 CURRENT_DATE 字段中放置一个时间戳或系统日期。我正在做的一部分如下所示,但它不起作用。我认为这很容易,但是......你能帮忙吗?
//System date is captured for placement in the CURRENT_DATE field in myTable
java.util.Date currentDate = new java.util.Date();
...
stmt.executeQuery("INSERT INTO myTable (NAME, CURRENT_DATE) VALUES (' " + userName + " ', ' " + currentDate + " ') ");
回答by Dunderklumpen
You really should be doing this as a prepared statement using parameters, it makes things a lot easier and cuts out a few very simple SQL injection threats.
您确实应该使用参数作为准备好的语句来执行此操作,它使事情变得容易得多,并减少了一些非常简单的 SQL 注入威胁。
Connection con = ...;
PreparedStatement statement = con.prepareStatement("INSERT INTO myTable (NAME, CURRENT_DATE) VALUES ( ?, ?)");
statement.setString(1, userName);
statement.setDate(2, currentDate );
statement.execute();
There is plenty of info on how to use prepared statements properly. For example: http://www.jdbc-tutorial.com/jdbc-prepared-statements.htm
有很多关于如何正确使用准备好的语句的信息。例如:http: //www.jdbc-tutorial.com/jdbc-prepared-statements.htm
回答by dxh
If you just want the current date, you can retrieve that from the SQL server, without submitting it as a variable. It varies a little depending on what server you're using, but in MS SQL Server there's a function called getdate().
如果您只需要当前日期,则可以从 SQL 服务器检索该日期,而无需将其作为变量提交。它根据您使用的服务器而略有不同,但在 MS SQL Server 中有一个名为getdate().
stmt.executeQuery("INSERT INTO myTable (NAME, CURRENT_DATE) VALUES (' " + userName + " ', getdate()");
You can also set getdate()as the default value for that field, so that you can omit the field entirely:
您还可以设置getdate()为该字段的默认值,以便您可以完全省略该字段:
stmt.executeQuery("INSERT INTO myTable (NAME) VALUES (' " + userName + " '" ') ");
回答by onof
Don't put strings in the SQL. Use a prepared statement and set parameters.
不要在 SQL 中放入字符串。使用准备好的语句并设置参数。
回答by Matt Mitchell
Try this:
试试这个:
stmt.executeQuery("INSERT INTO myTable (NAME, CURRENT_DATE) VALUES (' " + userName + " ', GETDATE()) ");
回答by paxdiablo
For data integrity, this is something that should be done at the DBMS end with an update and insert trigger.
为了数据完整性,这应该在 DBMS 端使用更新和插入触发器来完成。
Any other method can be gotten around by malicious (or buggy) code.
恶意(或错误)代码可以绕过任何其他方法。
How to get the actual value (and how to create the appropriate triggers) depends on the DBMS itself. DB2 provides current date, current timeand current timestampthat you can use to insert the server time into the database, which is likely to be more consistent than hundreds of different client times.
如何获取实际值(以及如何创建适当的触发器)取决于 DBMS 本身。DB2提供current date,current time并且current timestamp可以使用到服务器时,插入到数据库中,这很可能是比数百种不同的客户端的时间更加一致。
