在執行以下select查詢,我得到一個錯誤:異常查詢
ResultSet rs = St.executeQuery("select * from login where username="+username+"and password ="+password);
並將異常
java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended.
請讓我知道,如果查詢是錯誤的語法。
單引號的價值和密碼之前丟失,我覺得應該是:用戶名和密碼
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
有你的用戶名和and關鍵字之間沒有空格。這將解析到
SELECT * FROM登錄其中username = usernameand密碼=密碼
你還缺少左右你插入語句中值的單引號。嘗試:
結果集RS = St.executeQuery( 「從登錄選擇*,其中用戶名= '」 +用戶名+ 「 '和口令='」 +密碼+ 「'」);
我也推薦在Java教程中閱讀關於Using Prepared Statements的文章。
試試這個(你缺少幾個空格和引號):
ResultSet rs =
St.executeQuery(
"select * from login where username=\""+username+"\" and password =\""+password + "\"");
值應在報價
ResultSet rs = St.executeQuery("select * from login where username='" + username + "' and password ='" + password + "'");
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
執行的最佳方法查詢拿出來,並嘗試在你自己的... 爲前。
String query = "select * from login where username='"+username+"' and password = '"+password+"'";
//Print your query and execute it in your sql client you ll get to know if it works!
System.out.println(query);
ResultSet rs = St.executeQuery(query);
至少使用參數(命名參數更好)。將值連接成SQL字符串容易出錯並且不安全。例如: -
Statement stmt = null;
String query = "select * from login where username=? and password=?";
try {
stmt = con.createStatement();
stmt.setString(1, username);
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
//...
}
} catch (SQLException e) {
//TODO handle e
} finally {
if (stmt != null) { stmt.close(); }
}
}
謝謝!我錯過了報價! – Anil