2017-06-03 31 views
0

我有代碼:錯誤我用Java語言(Netbeans的)SQL

private void btnSaveActionPerformed(java.awt.event.ActionEvent evt) { 
    // TODO add your handling code here: 

    try { 
     con = Connect.ConnectDB(); 
     if (PatientID.getText().equals("")) { 
      JOptionPane.showMessageDialog(this, "Please retrieve Patient ID", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 
     if (txtNoOfDays.getText().equals("")) { 
      JOptionPane.showMessageDialog(this, "Please enter no. of days", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 
     if (txtServiceCharges.getText().equals("")) { 
      JOptionPane.showMessageDialog(this, "Please retrieve service charges", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 

     if (txtBillingDate.getText().equals("")) { 
      JOptionPane.showMessageDialog(this, "Please enter billing date", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 
     if (txtTotalPaid.getText().equals("")) { 
      JOptionPane.showMessageDialog(this, "Please enter total paid", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 
     double add1 = Double.parseDouble(txtRoomCharges.getText()); 
     double add = Double.parseDouble(txtNoOfDays.getText()); 
     double add2 = add * add1; 
     txtTotalRoomCharges.setText(String.valueOf(add2)); 
     double add3 = Double.parseDouble(txtServiceCharges.getText()); 
     double add5 = ((add * add1) + add3); 
     txtTotalCharges.setText(String.valueOf(add5)); 
     double paid = Double.parseDouble(txtTotalPaid.getText()); 
     txtTotalPaid.setText(String.valueOf(paid)); 
     if (add5 > paid) { 
      double datadue = add5 - paid; 
      txtDueCharges.setText(String.valueOf(datadue)); 
     } 
     //double add1 = Double.parseDouble(txtTotalCharges.getText()); 
     //double add2 = Double.parseDouble(txtTotalPaid.getText()); 

     Statement stmt; 
     stmt = con.createStatement(); 
     String sql1 = "Select DischargeID from bill_room where DischargeID= " + txtDischargeID.getText() + ""; 
     rs = stmt.executeQuery(sql1); 
     if (rs.next()) { 
      JOptionPane.showMessageDialog(this, "Record already exists", "Error", JOptionPane.ERROR_MESSAGE); 
      return; 
     } 

     String sql = "insert into bill_room(DischargeID,BillingDate,RoomCharges,ServiceCharges,PaymentMode,PaymentModeDetails,ChargesPaid,DueCharges,TotalCharges,NoOfDays,TotalRoomCharges) values(" + txtDischargeID.getText() + ",'" + txtBillingDate.getText() + "'," + txtRoomCharges.getText() + "," + txtServiceCharges.getText() + ",'" + cmbPaymentMode.getSelectedItem() + "','" + txtPaymentModeDetails.getText() + "'," + txtTotalPaid.getText() + "," + txtDueCharges.getText() + "," + txtTotalCharges.getText() + "," + txtNoOfDays.getText() + "," + txtTotalRoomCharges.getText() + ")"; 
     pst = con.prepareStatement(sql); 
     pst.execute(); 
     JOptionPane.showMessageDialog(this, "Successfully saved", "Record", JOptionPane.INFORMATION_MESSAGE); 
     btnSave.setEnabled(false); 

    } catch (HeadlessException | SQLException ex) { 
     JOptionPane.showMessageDialog(this, ex); 
    } 

我有這樣的代碼,當執行運行(有時順利,有時會出錯) 當錯誤發生: enter image description here

com.mysql.jdbc.exceptions.jbdc4.MySQLSyntaxErrorException」你的SQL語法有錯誤 ;檢查對應於您 MariaDB的服務器版本附近使用權sysntax手冊'110800.0,9,10800.0);在1號線

當明確enter image description here

運行什麼是不完全正確嗎? 我需要你的幫助或建議

+0

使用'PreparedStatement's不僅將解決這個錯誤,而且由於錯誤消息告訴您從SQL注入攻擊 – Mureinik

+0

保護你,你的SQL語法被打破。您在運行時基於輸入動態構建SQL(順便說一下,它對SQL注入攻擊廣泛開放),所以我們不知道您實際執行的是哪個SQL代碼。在調試時,實際的SQL代碼是什麼? – David

回答

1

你已經在使用PreparedStatement的,爲什麼你不正確地使用它,所以要避免語法錯誤和SQL注入,您可以使用:

String sql = "insert into bill_room(DischargeID, BillingDate, " 
     + "RoomCharges, ServiceCharges, PaymentMode, PaymentModeDetails, " 
     + "ChargesPaid, DueCharges, TotalCharges, NoOfDays, TotalRoomCharges) " 
     + "values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; 

try (PreparedStatement insert = connection.prepareStatement(sql)) { 

    insert.setInt(1, txtDischargeID.getText()); 
    insert.setString(2, txtBillingDate.getText()); 

    //...Set the the right type if int use setInt if string use setString ... 

    insert.setDouble(11, Double.parseDouble(txtTotalRoomCharges.getText())); 

    insert.executeUpdate(); 
} 

同樣的事情選擇。

+0

Thankyou。 :)我有解決方案。 Thankyou –

+0

歡迎您@DICKYIBROHIM –