java 使用变量将整数值插入 MySQL 数据库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15645192/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Inserting Integer Values into MySQL Database using Variables
提问by user2078258
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test",
"root", "mysecret");
System.out.println("Connected to Database");
Statement stmt1 = conn.createStatement();
ResultSet rs1=null;
String sql="insert into id
values('"+name+"',12,+fs+,+se+,+th+,+ft+,+f+,+si+,+sv+,+ei+)";
System.out.println("sql:"+sql);
stmt1.executeUpdate(sql);
The Name Variable is taken care of in the definition part not included here, the output is
名称变量在此处未包含的定义部分中得到处理,输出为
sql:insert into id values('Golum',12,+fs+,+se+,+th+,+ft+,+f+,+si+,+sv+,+ei+);
It also says error in SQL Syntax which refers to the variables fs,se,th,ft,f,si,sv and ei. Basically i am trying to pass integers to MySQL Database using variables. the definition of these variables is as such
它还说 SQL 语法中的错误,它指的是变量 fs、se、th、ft、f、si、sv 和 ei。基本上我试图使用变量将整数传递给 MySQL 数据库。这些变量的定义是这样的
int fs = x21;
int se = y21;
x21 and y21 store mouse click co-ordinates x and y respectively. The code below shows that the co-ordinates are passed correctly. The error is in SQL Syntax. I wanna Know what is the correct syntax for passing integers to SQL Database using this technique.
x21 和 y21 分别存储鼠标点击坐标 x 和 y。下面的代码显示坐标已正确传递。错误在 SQL 语法中。我想知道使用这种技术将整数传递给 SQL 数据库的正确语法是什么。
System.out.println(fs);
回答by rgettman
You have a SQL error in your insert statement. I don't know why you have those +characters in your statement, but I'm guessing that you are attempting to concatenate the values into the statement. But in your attempt the +characters are part of the string. Try inserting double-quote characters to end and start the strings to concatenate together to form the insert statement:
您的插入语句中有 SQL 错误。我不知道为什么你+的语句中有这些字符,但我猜你正试图将这些值连接到语句中。但是在您的尝试中,+字符是字符串的一部分。尝试插入双引号字符以结束和开始将字符串连接在一起以形成插入语句:
String sql="insert into id values('"+name+"',12, " +
fs+","+se+","+th+","+ft+","+f+","+si+","+sv+","+ei+")";
Of course anytime you concatenate values that may be from the user into a SQL statement, you are vulnerable to SQL injection. If these are user values, then use a PreparedStatementwith bind variables instead.
当然,无论何时您将可能来自用户的值连接到 SQL 语句中,您都容易受到SQL 注入的攻击。如果这些是用户值,则使用PreparedStatementwith 绑定变量代替。
回答by msfk
try this
试试这个
String sql="insert into id values('"+name+"',12,"+fs +","+se+","+th+","+ft+","+f+","+si+","+sv+","+ei+")";
your syntax for using vars in the string is wrong. The vars should be out of quotations
您在字符串中使用 vars 的语法是错误的。vars 应该不在引号内
回答by HeatfanJohn
You need to tell Java to convert your integer variables to strings, change your sql assignment statement to:
您需要告诉 Java 将您的整数变量转换为字符串,将您的 sql 赋值语句更改为:
String sql="insert into id values('"
+ name + "',12," + fs + ", " + se + ","
+ th + "," + ft + "," + f + "," + si + "," + sv + "," + ei + ")";
