2013-06-24 69 views
-2

I have a frame with two text fields and a Save button, inserting values with JDBC

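The first text field takes the ID and the second takes the name. When I click the button, this information should be saved in the database.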

public class d4 extends JFrame implements ActionListener { 

Connection con; 
String dbName = "mydb"; 
String bdUser = "root"; 
String dbPassword = "2323"; 
String dbUrl = "jdbc:mysql://localhost/mydb"; 
JButton okButton; 
JTextField tf1; 
JTextField tf2; 
String id; 
String name; 

public d4() { 

    add(mypanel(), BorderLayout.PAGE_START); 
    setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); 
    setSize(400, 500); 
    setLocation(300, 30); 
    setVisible(true); 
} 

public JPanel mypanel() { 
    JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT)); 
    okButton = new JButton("Ok"); 
    okButton.addActionListener(this); 
    tf1 = new JTextField(10); 
    tf2 = new JTextField(10); 
    panel.add(okButton); 
    panel.add(tf1); 
    panel.add(tf2); 
    return panel; 
} 

public static void main(String[] args) { 
    new d4(); 
} 

@Override 
public void actionPerformed(ActionEvent e) { 
    if (e.getSource() == okButton) { 
     id = tf1.getText(); 
     name = tf2.getText(); 
     try { 
      con = DriverManager.getConnection(dbUrl, bdUser, dbPassword); 
      System.out.println("Connected to database successfully!"); 

     } catch (SQLException ex) { 
      System.out.println("Could not connect to database"); 
     } 
     excuteQuery(id, name); 
    } 
} 

public void excuteQuery(String ID, String NAME) { 
    try { 
     Statement st1 = con.createStatement(); 
     ResultSet result1 = st1.executeQuery("select mytable"); 
     st1.execute("insert into mytable values (" + ID + "," + NAME + ")"); 


    } catch (SQLException ex) { 
     System.out.println("execute time exception"); 
     ex.printStackTrace(); 
    } 
} 
} 

Output:

Connected to database successfully! 
execute time exception 
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'mytable' in 'field list' 
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) 
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 
at java.lang.reflect.Constructor.newInstance(Constructor.java:525) 
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411) 
at com.mysql.jdbc.Util.getInstance(Util.java:386) 
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052) 
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609) 
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541) 
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2002) 
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2163) 
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2618) 
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2568) 
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1557) 
at JDBCtest.d4.excuteQuery(d4.java:86) 
    ... 
+0

ResultSet result1 = st1.executeQuery("select mytable"); What is this statement about? Is it a valid statement? – kosa

+0

@Nambari I use this statement to select the table from the mydb database. How do I select it? – Sajad

+4

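First remove the nonsensical and erroneous select statement in 'executeQuery', then study and learn how to use 'preparedStatement' and why you should use 'preparedStatement', to avoid SQL injection threats and other related problems. –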

Answers

3
  • Don't forget the quotes

    st1.execute("insert into mytable values ('" + ID + "', '" + NAME + "')"); 
    
  • Don't forget to close the database connection

    excuteQuery(id, name); 
    con.close(); 
    
  • I guess there is no need to execute the select beforehand

    // ResultSet result1 = st1.executeQuery("select mytable"); 
    
  • Also, because you accept input from the user, you are wide open to SQL injection attacks. Use PreparedStatement.executeUpdate() instead:

    PreparedStatement ps = con.prepareStatement("INSERT INTO mytable VALUES (?, ?)"); 
    
    ps.setString(1, ID); 
    ps.setString(2, NAME); 
    
    ps.executeUpdate(); 
    

    PreparedStatement will take care of the quoting as well.
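
An added example, not part of the original answer or the asker's code: it combines the answer's points (parameterized insert, closing the connection) and prints the SQL text that quoted concatenation produces for a constructed name containing an apostrophe. The class name `SafeInsert`, the sample values and the environment variable names `DB_USER` / `DB_PASSWORD` are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class SafeInsert {
    // Same URL as in the question; credentials come from environment
    // variables (DB_USER / DB_PASSWORD are names assumed for this example).
    static final String DB_URL = "jdbc:mysql://localhost/mydb";

    // The quoted-concatenation form from the first bullet, built only to
    // compare the SQL text it produces with the parameterized form.
    static String concatenated(String id, String name) {
        return "insert into mytable values ('" + id + "', '" + name + "')";
    }

    // Parameterized insert: the SQL text is fixed and the values are bound
    // separately, so a quote in the input stays data and never becomes syntax.
    static int insertRow(Connection con, String id, String name) throws SQLException {
        String sql = "INSERT INTO mytable VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, id);
            ps.setString(2, name);
            return ps.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) {
        String id = "7";         // constructed sample input
        String name = "O'Brien"; // constructed: a legitimate name with a quote

        // The apostrophe ends the string literal early, so this text is
        // no longer the statement the programmer intended.
        System.out.println("Concatenated SQL: " + concatenated(id, name));

        // try-with-resources closes the connection even if the insert fails.
        try (Connection con = DriverManager.getConnection(
                DB_URL, System.getenv("DB_USER"), System.getenv("DB_PASSWORD"))) {
            System.out.println("Rows inserted: " + insertRow(con, id, name));
        } catch (SQLException ex) {
            System.out.println("Database error: " + ex.getMessage());
        }
    }
}
```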