用preparestatement傳參就錯,使用statement沒問題,代碼如下:
package com.jdbc.preparedStatment;
import java.sql.Connection;
import java.sql.ResultSet;
import org.junit.Test;
import com.jdbc.util.jdbcUtil;
import com.mysql.jdbc.PreparedStatement;
public class app {
/*
* 1. 使用preparestatement防止sql注入的案例
*
*/
@Test
public void testLogin1(){
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
String name = "王五";
try {
//獲取鏈接
connection = jdbcUtil.getconnection();
//準備sql陳述句
String sql = "INSERT INTO student(name,age) VALUES(?,?)";
//String sql = "use jdbc_enhance";
//創建stmt
statement = (PreparedStatement) connection.prepareStatement(sql);
//設定引數值
statement.setInt(1, "王五");
statement.setInt(2, 18);
//發送sql
int count = statement.executeUpdate(sql);
//輸出結果
System.out.println("共影響了"+count+"行");
//查詢該表中的資料
//準備sql
String sql1 = "select * from student";
//發送并執行sql陳述句
resultSet = statement.executeQuery(sql1);
//輸出回傳集
while(resultSet.next()){
String id = resultSet.getString("id");
String name1 = resultSet.getString("name");
String age = resultSet.getString("age");
System.out.println(id+"-"+name1+"-"+age);
}
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException();
}finally{
jdbcUtil.close(connection, statement,resultSet);
}
}
}
報錯如下
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?)' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
at com.mysql.jdbc.Util.getInstance(Util.java:384)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3562)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3494)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1960)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2114)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2690)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1648)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1567)
at com.jdbc.preparedStatment.app.testLogin1(app.java:93)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
uj5u.com熱心網友回復:
你setint,添加的是字串uj5u.com熱心網友回復:
編輯帖子的時候寫錯的,如果是setString也會報這個錯誤,這個錯誤是因為使用statement.executeUpdate()的時候傳入了sql引數,在創建preparestatement時就已經傳sql陳述句進行預編譯了,還是很感謝
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/39627.html
標籤:Java SE