oracle 使用 servlet 将值插入 SQL 数据库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17422399/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
insert values into SQL database using servlet
提问by Yash Srivastava
Whenever I'm running this code, I'm getting a not enough values
. What could be going wrong?
每当我运行这段代码时,我都会得到一个not enough values
. 可能出什么问题了?
Here is my code:
这是我的代码:
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.io.*;
public class Base extends HttpServlet
{
public void doGet(HttpServletRequest req,HttpServletResponse res)throws
IOException,ServletException
{
String eid=req.getParameter("t1");
String name=req.getParameter("t2");
int sal=Integer.parseInt(req.getParameter("t3"));
Connection con=null;
Statement stmt=null;
PrintWriter out=res.getWriter();
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
con = DriverManager.getConnection( "jdbc:oracle:thin:@localhost:1521:xe","system","intelinside" );
stmt=con.createStatement();
int i = stmt.executeUpdate("insert into emp values('"+eid+"''"+name+"''"+sal+"')");
if(i>0)
out.println("Inserted Successfully");
else
out.println("Insert Unsuccessful");
}
catch(Exception e)
{
out.println(e);
}
}
}
回答by Stefan Beike
your sql is wrong:
你的sql是错误的:
int i=stmt.executeUpdate("insert into emp values('"+eid+"''"+name+"''"+sal+"')");
where is the ,
between the columns?
哪里是,
列之间?
change it to this:
把它改成这样:
int i=stmt.executeUpdate("insert into emp values('"+eid+"','"+name+"','"+sal+"')");
btw. use PreparedStatement
your way is a pretty good example for SQL-Injection.
顺便提一句。使用PreparedStatement
你的方式是 SQL 注入的一个很好的例子。
回答by Ravi Thapliyal
You missed putting commasbetween your column values.
您错过了在列值之间放置逗号。
int i=stmt.executeUpdate("insert into emp values('"+eid+"','"+name+"','"+sal+"')");
But, I suggest using a PreparedStatementinstead. Your code is wide open to SQL injection attacks otherwise. Specially, because you're fetching the user input over the web as request parameters without any validation.
但是,我建议改用PreparedStatement。否则,您的代码很容易受到 SQL 注入攻击。特别是,因为您在没有任何验证的情况下通过网络获取用户输入作为请求参数。
PreparedStatement pstmt = con.prepareStatement("INSERT INTO emp VALUES(?, ?, ?)");
pstmt.setString(1, eid);
pstmt.setString(2, name);
pstmt.setString(3, sal);
int i = pstmt.executeUpdate();
回答by Kayaman
You're missing the commas in your values() clause. Come on, be more careful.
您在 values() 子句中缺少逗号。来吧,多加小心。
回答by Vallabh Patade
You're missing the commas in between column values. As a better approach you should use column names and accordingly the column values. In future if table structure changes- like a new column is added is table, your query will start to fail.
您缺少列值之间的逗号。作为更好的方法,您应该使用列名并相应地使用列值。将来如果表结构发生变化——比如添加了一个新列是表,你的查询将开始失败。
"insert into emp(employyeId, empName, empSalary) values('"+eid+"','"+name+"','"+sal+"')"
Here you are giving tight mapping between column names and corresponding values.
在这里,您提供了列名和相应值之间的紧密映射。
回答by Abhishek Kulahari
Just try this line for update.
只需尝试此行进行更新。
int i=stmt.executeUpdate("insert into employee values('"+eid+"','"+name+"',"+sal+")");
int i=stmt.executeUpdate("插入员工值('"+eid+"','"+name+"',"+sal+")");
Hope it will work for you.
希望它对你有用。