2
我正在寫一個Java應用程序,它必須向數據庫添加一條記錄。一切工作正常,直到我想添加一個本地變量到數據庫(我想我把我的括號錯誤或什麼的)。無論如何,我厭倦了尋找問題,並希望得到一些幫助。Java SQLite:沒有這樣的列錯誤
我的代碼:
public void newUser(int userID, String userName, String credentials) {
try {
Class.forName("org.sqlite.JDBC");
conn = DriverManager
.getConnection("jdbc:sqlite:c:/temp/alarmsystem.db");
Statement statement = conn.createStatement();
statement.execute("insert into Users values(" + 1 + "," + userName
+ "," + "'Helloskit'" + ") ");
core.printToConsole("created");
ResultSet rs = statement.executeQuery("select * from Users");
while (rs.next()) {
String s = rs.getString("Username");
core.printToConsole("name = " + s);
}
} catch (Exception e) {
}
}
錯誤:
java.sql.SQLException: no such column: Tombellens
at org.sqlite.DB.throwex(DB.java:288)
at org.sqlite.NestedDB.prepare(NestedDB.java:115)
at org.sqlite.DB.prepare(DB.java:114)
at org.sqlite.Stmt.execute(Stmt.java:82)
at me.server.DBCommunications.DBConnection.newUser(DBConnection.java:59)
at me.server.Core.Core.newUser(Core.java:61)
at me.server.LocalUser.Console.main(Console.java:72)
謝謝,湯姆
**警告**您的代碼易受sql注入攻擊。 – 2012-02-18 22:41:52
@Thomas你必須把用戶名作爲''Robert'); DROP TABLE用戶; - 'as'在查詢中缺失...;) – havexz 2012-02-19 03:44:21
噢,是的。小博比單引號,他們打電話給我。 – Thomas 2012-02-19 14:09:39