我試圖從數據庫獲取結果關於做了查詢,分貝總是讓我「虛假」,即使已經修整。java與Postgresql錯誤與語句
oldPassword = DBConfig.MD5(oldPassword); //thase are me own classes
newPassword = DBConfig.MD5(newPassword);
String updatePassword = "UPDATE login " + "SET password='"
+ newPassword + "'" + " WHERE password='" + oldPassword
+ "' and employee_id=" + userId + " ;";
Connection con = DBConfig.dbConfigure();
Statement statement = con.createStatement();
boolean success = statement.execute(updatePassword);
LOGGER.info(success);
DBManager.close(con, statement, null); //I'm closing connectin,statmant and result set if that has
/* ** * ** * ** * ** * ** * ****/ 的DBConfig
public static final String USER_NAME = "postgres";
public static final String PASSWORD = "password";
public static final String DB_NAME="jdbc:postgresql://localhost/myTask";
public static final String DB_DRIVER = "org.postgresql.Driver";
public static Connection dbConfigure() throws ClassNotFoundException,
SQLException {
String userName = USER_NAME;
String dbPassword = PASSWORD;
String dbName = DB_NAME;
String dbDriver = DB_DRIVER;
Class.forName(dbDriver);
Connection con = DriverManager.getConnection(dbName, userName,
dbPassword);
return con;
}
IMO你不應該使用'password'作爲查詢的一部分,而是檢索用戶密碼並在服務器端進行匹配,即在Java中進行乾淨更新。此外,使用'PreparedStatement's而不是普通的'Statement'來避免SQL注入。 –
另外,使用'executeUpdate'方法而不是普通的'execute'。 –
感謝您的回答,現在好了。 – Unknown