我編寫了一個簡單的java代碼來接受表單中的參數並將其存儲在表中。下面是代碼:提交表單後獲取MySQL語法錯誤
String fname = request.getParameter("username");
String mail = request.getParameter("email");
String country = request.getParameter("country");
String pword = request.getParameter("password");
Class.forName("com.mysql.jdbc.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/foodforthought", "root",
"********");
Statement statement = connection.createStatement();
try {
int i = statement.executeUpdate("insert into users (username,email,country,password) values ("+fname+"','"+mail+"','"+country+"','"+pword+")");
out.println("Successfully registered");
} catch (Exception e) {
out.println(e);
e.printStackTrace();
}
Error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'India',')' at line 1
國家的值是India
其從表格的到來。我該如何解決它?
您在第一個圓括號後面和最後一個'values'零件之前缺少引號。更好地使用'PreparedStatement'來避免這個問題和可能的注入。 – Berger
''「+ pword +」'你最後錯過了一個單引號。 – Jagrati
int i = statement.executeUpdate(「insert into users(username,email,country,password)values(''+ fname +'',''+ mail +'','」+ country +'','「+ pword +」 '););' – ettanany