oracle 使用 servlet 将值插入 SQL 数据库

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/17422399/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-19 01:46:36  来源:igfitidea点击:

insert values into SQL database using servlet

javaoracle

提问by Yash Srivastava

Whenever I'm running this code, I'm getting a not enough values. What could be going wrong?

每当我运行这段代码时,我都会得到一个not enough values. 可能出什么问题了?

Here is my code:

这是我的代码:

import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.io.*;

public class Base extends HttpServlet
{
    public void doGet(HttpServletRequest req,HttpServletResponse res)throws 
IOException,ServletException
    {
        String eid=req.getParameter("t1");
        String name=req.getParameter("t2");
        int sal=Integer.parseInt(req.getParameter("t3"));
        Connection con=null;
        Statement stmt=null;
        PrintWriter out=res.getWriter();
        try
        {
              Class.forName("oracle.jdbc.driver.OracleDriver");
              con = DriverManager.getConnection( "jdbc:oracle:thin:@localhost:1521:xe","system","intelinside" );
              stmt=con.createStatement();
              int i = stmt.executeUpdate("insert into emp values('"+eid+"''"+name+"''"+sal+"')");
              if(i>0)
                out.println("Inserted Successfully");
              else
                out.println("Insert Unsuccessful");
        }
        catch(Exception e)
        {
          out.println(e);       
        }
    }
}

回答by Stefan Beike

your sql is wrong:

你的sql是错误的:

int i=stmt.executeUpdate("insert into emp values('"+eid+"''"+name+"''"+sal+"')");

where is the ,between the columns?

哪里是,列之间?

change it to this:

把它改成这样:

int i=stmt.executeUpdate("insert into emp values('"+eid+"','"+name+"','"+sal+"')");

btw. use PreparedStatementyour way is a pretty good example for SQL-Injection.

顺便提一句。使用PreparedStatement你的方式是 SQL 注入的一个很好的例子。

回答by Ravi Thapliyal

You missed putting commasbetween your column values.

您错过了在列值之间放置逗号

int i=stmt.executeUpdate("insert into emp values('"+eid+"','"+name+"','"+sal+"')");

But, I suggest using a PreparedStatementinstead. Your code is wide open to SQL injection attacks otherwise. Specially, because you're fetching the user input over the web as request parameters without any validation.

但是,我建议改用PreparedStatement。否则,您的代码很容易受到 SQL 注入攻击。特别是,因为您在没有任何验证的情况下通过网络获取用户输入作为请求参数。

PreparedStatement pstmt = con.prepareStatement("INSERT INTO emp VALUES(?, ?, ?)");

pstmt.setString(1, eid);
pstmt.setString(2, name);
pstmt.setString(3, sal);

int i = pstmt.executeUpdate();

回答by Kayaman

You're missing the commas in your values() clause. Come on, be more careful.

您在 values() 子句中缺少逗号。来吧,多加小心。

回答by Vallabh Patade

You're missing the commas in between column values. As a better approach you should use column names and accordingly the column values. In future if table structure changes- like a new column is added is table, your query will start to fail.

您缺少列值之间的逗号。作为更好的方法,您应该使用列名并相应地使用列值。将来如果表结构发生变化——比如添加了一个新列是表,你的查询将开始失败。

"insert into emp(employyeId, empName, empSalary) values('"+eid+"','"+name+"','"+sal+"')"

Here you are giving tight mapping between column names and corresponding values.

在这里,您提供了列名和相应值之间的紧密映射。

回答by Abhishek Kulahari

Just try this line for update.

只需尝试此行进行更新。

int i=stmt.executeUpdate("insert into employee values('"+eid+"','"+name+"',"+sal+")");

int i=stmt.executeUpdate("插入员工值('"+eid+"','"+name+"',"+sal+")");

Hope it will work for you.

希望它对你有用。