0
private void btnSaveActionPerformed(java.awt.event.ActionEvent evt) {
// TODO add your handling code here:
try {
con = Connect.ConnectDB();
if (PatientID.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please retrieve Patient ID", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtNoOfDays.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter no. of days", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtServiceCharges.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please retrieve service charges", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtBillingDate.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter billing date", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtTotalPaid.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter total paid", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
double add1 = Double.parseDouble(txtRoomCharges.getText());
double add = Double.parseDouble(txtNoOfDays.getText());
double add2 = add * add1;
txtTotalRoomCharges.setText(String.valueOf(add2));
double add3 = Double.parseDouble(txtServiceCharges.getText());
double add5 = ((add * add1) + add3);
txtTotalCharges.setText(String.valueOf(add5));
double paid = Double.parseDouble(txtTotalPaid.getText());
txtTotalPaid.setText(String.valueOf(paid));
if (add5 > paid) {
double datadue = add5 - paid;
txtDueCharges.setText(String.valueOf(datadue));
}
//double add1 = Double.parseDouble(txtTotalCharges.getText());
//double add2 = Double.parseDouble(txtTotalPaid.getText());
Statement stmt;
stmt = con.createStatement();
String sql1 = "Select DischargeID from bill_room where DischargeID= " + txtDischargeID.getText() + "";
rs = stmt.executeQuery(sql1);
if (rs.next()) {
JOptionPane.showMessageDialog(this, "Record already exists", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
String sql = "insert into bill_room(DischargeID,BillingDate,RoomCharges,ServiceCharges,PaymentMode,PaymentModeDetails,ChargesPaid,DueCharges,TotalCharges,NoOfDays,TotalRoomCharges) values(" + txtDischargeID.getText() + ",'" + txtBillingDate.getText() + "'," + txtRoomCharges.getText() + "," + txtServiceCharges.getText() + ",'" + cmbPaymentMode.getSelectedItem() + "','" + txtPaymentModeDetails.getText() + "'," + txtTotalPaid.getText() + "," + txtDueCharges.getText() + "," + txtTotalCharges.getText() + "," + txtNoOfDays.getText() + "," + txtTotalRoomCharges.getText() + ")";
pst = con.prepareStatement(sql);
pst.execute();
JOptionPane.showMessageDialog(this, "Successfully saved", "Record", JOptionPane.INFORMATION_MESSAGE);
btnSave.setEnabled(false);
} catch (HeadlessException | SQLException ex) {
JOptionPane.showMessageDialog(this, ex);
}
我有這樣的代碼,當執行運行(有時順利,有時會出錯) 當錯誤發生: 
com.mysql.jdbc.exceptions.jbdc4.MySQLSyntaxErrorException」你的SQL語法有錯誤 ;檢查對應於您 MariaDB的服務器版本附近使用權sysntax手冊'110800.0,9,10800.0);在1號線
當明確
運行什麼是不完全正確嗎? 我需要你的幫助或建議
使用'PreparedStatement's不僅將解決這個錯誤,而且由於錯誤消息告訴您從SQL注入攻擊 – Mureinik
保護你,你的SQL語法被打破。您在運行時基於輸入動態構建SQL(順便說一下,它對SQL注入攻擊廣泛開放),所以我們不知道您實際執行的是哪個SQL代碼。在調試時,實際的SQL代碼是什麼? – David