'ps = con.prepareStatement（）;'行中未報告的SQL異常

Question

我正在研究一個簡單的java web應用程序，該應用程序通過表單接受用戶的數據並通過servlet將其存儲在SQL數據庫中。現在，當我寫的代碼，一切工作正常，但我得到的線的錯誤，我爲寫

str="insert into ..." 
ps= con.createStatement(str); <-- Error here 
ps.executeUpdate();    <--error here 

它says-未報告SQL異常必須捕獲​​或拋出。

所以，我周圍的語句try和catch塊，但現在當我運行程序我得到這個 - 值java.sql.SQLException：[微軟] [ODBC SQL Server驅動程序] [SQL服務器]找不到存儲程序str

我被卡住了，無法找到任何解決方案。我創建了數據庫和表，並通過SQL查詢插入值。我通過odbcad32創建了一個名爲'mydata'的用戶DSN。 請幫我一把！

import java.io.IOException; 
import java.io.PrintWriter; 
import java.sql.Connection; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServlet; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import java.sql.*; 


protected void processRequest(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException { 
    response.setContentType("text/html;charset=UTF-8"); 
    PrintWriter out = response.getWriter(); 
    String type="",name="",pw="",city="",country="",contact="",sal=""; 
    type=request.getParameter("ddltype"); 
    name=request.getParameter("txtname"); 
    pw=request.getParameter("txtpwd"); 
    city=request.getParameter("txtcity"); 
    sal=request.getParameter("txtsal"); 
    country=request.getParameter("txtcountry"); 
    contact=request.getParameter("txtcontact"); 
    try { 
     conn(); 
     String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')"; 
     ps=con.prepareStatement("str"); 
     ps.executeUpdate(); 

     /* TODO output your page here. You may use following sample code. */ 
     out.println("<!DOCTYPE html>"); 
     out.println("<html>"); 
     out.println("<head>"); 
     out.println("<title>Servlet regsev</title>");    
     out.println("</head>"); 
     out.println("<body> INSERTED SUCCESSFULLY"); 
     out.println("<h1>Servlet regsev at " + request.getContextPath() + "</h1>"); 
     out.println("</body>"); 
     out.println("</html>"); 

    } 
    catch(SQLException e) 
    { 
     out.print(""+e); 
    } 
} 

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code."> 
/** 
* Handles the HTTP 
* <code>GET</code> method. 
* 
* @param request servlet request 
* @param response servlet response 
* @throws ServletException if a servlet-specific error occurs 
* @throws IOException if an I/O error occurs 
*/ 
@Override 
protected void doGet(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException { 
    processRequest(request, response); 
} 

/** 
* Handles the HTTP 
* <code>POST</code> method. 
* 
* @param request servlet request 
* @param response servlet response 
* @throws ServletException if a servlet-specific error occurs 
* @throws IOException if an I/O error occurs 
*/ 
@Override 
protected void doPost(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException { 
    processRequest(request, response); 
} 

/** 
* Returns a short description of the servlet. 
* 
* @return a String containing servlet description 
*/ 
@Override 
public String getServletInfo() { 
    return "Short description"; 
}// </editor-fold> 

}這裏

Answer 1

許多言論。

String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')"; 
    ps=con.prepareStatement("str"); 
    ps.executeUpdate(); 

所有3個都不正確。準備好的語句有助於提高性能（在大多數情況下），簡化代碼並防止SQL注入。 您的代碼沒有做2出3

下面的就應該是這樣一個樣本：

String str="insert into details (type, name,pwd) 
    values(?,?,?)"; 
    ps=con.prepareStatement(str); // so no "" around str. 
    ps.setString(1,type); // Sets the content of the first ?, all safe against SQL Injection 
    ps.setString(2,name); // Sets the content of the second ? 
    ps.setString(3,pwd); // Sets the content of the third ? 
    ps.execute(); // Execute instead of executeUpdate. 

數據庫現在還可以重新使用準備好的語句的執行計劃，爲您節省了幾100S的第二插入物。