使用JOptionPane更新mysql

Question

我想用JoptionPane更新我的mysql表。所以我們的想法是，首先更新id，然後檢查它是否退出，然後詢問新值以替換它。

這裏是行

else if(ae.getSource()==updateVid){ 
     String id =JOptionPane.showInputDialog("Enter ID you want to update:"); 


     try { 
      con=DriverManager.getConnection(url,"root","success123"); 
      stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY); 
      int numRows = stmt.executeUpdate("UPDATE FROM films WHERE id='"+id+"'"); 

      String ids =JOptionPane.showInputDialog("ID:"); 
      String fn=JOptionPane.showInputDialog("Title:"); 
      String sn =JOptionPane.showInputDialog("Description:"); 
      String tn =JOptionPane.showInputDialog("Year:"); 
      String frn =JOptionPane.showInputDialog("Art:"); 
      String fifn =JOptionPane.showInputDialog("Duration:"); 



      rs = stmt.executeQuery("SELECT * FROM films"); 
      JOptionPane.showMessageDialog(null,"Video has been Rented to the Out","New Rent" ,JOptionPane.OK_OPTION); 
      while (rs.next()) { 


      } 
      rs.close(); 
      stmt.close(); 
      con.close(); 
     } 
     catch (SQLException sqle) { 
     } 
    } 

Answer 1

使用PreparedStatement，而不是Statement源作爲你的代碼很容易受到SQL注入

我覺得這是你所需要的：

String updateQuery = "UPDATE films set title = ?,description=?,year=?,art=?,duration=? where id=?"; 
PreparedStatement ps = con.prepareStatement(updateQuery); 

String fn=JOptionPane.showInputDialog("Title:"); 
String sn =JOptionPane.showInputDialog("Description:"); 
String tn =JOptionPane.showInputDialog("Year:"); 
String frn =JOptionPane.showInputDialog("Art:"); 
String fifn =JOptionPane.showInputDialog("Duration:"); 

ps.setString(1,fn); 
ps.setString(2,sn); 
ps.setString(3,tn); 
ps.setString(4,frn); 
ps.setString(5,fifn); 
ps.setString(6,id); 
int numRows = ps.executeUpdate();