1. 首頁
  2. 問答
  3. 我的Oracle SQL語句有什麼問題?我不斷收到一個不允許在這裏的列錯誤?

我的Oracle SQL語句有什麼問題?我不斷收到一個不允許在這裏的列錯誤?

2011-04-17 71 views
0

好吧,我的SQL * Plus語句有什麼問題?據我可以告訴一切應該工作?我的Oracle SQL語句有什麼問題?我不斷收到一個不允許在這裏的列錯誤?

//get parameters from the request 
String custID=request.getParameter("cust_ID"); 
String saleID=request.getParameter("sale_ID"); 
String firstName=request.getParameter("first_Name"); 
String mInitial=request.getParameter("mI"); 
String lastName=request.getParameter("last_Name"); 
String streetName=request.getParameter("street"); 
String city=request.getParameter("city"); 
String state=request.getParameter("state"); 
String zipCode=request.getParameter("zip_Code"); 
String DOB=request.getParameter("DOB"); 
String agentID=request.getParameter("agent_ID"); 
String homePhone=request.getParameter("home_Phone"); 
String cellPhone=request.getParameter("cell_Phone"); 
String profession=request.getParameter("profession"); 
String employer=request.getParameter("emoployer"); 
String referrer=request.getParameter("referrer"); 

stmt.executeUpdate("INSERT INTO customer 
         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)" 
        + " VALUES 
         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

SQL DDL

CREATE TABLE customer 
     (cust_ID  NUMBER   NOT NULL, 
     sale_ID    NUMBER   NOT NULL, 
     first_Name  VARCHAR2(30)  NOT NULL, 
     mI   VARCHAR2(2)   , 
     last_Name  VARCHAR2(50)  NOT NULL, 
     street_Name  VARCHAR2(50)  NOT NULL, 
     city   VARCHAR2(30)  NOT NULL, 
     state   VARCHAR2(2)  NOT NULL, 
     zip_Code  VARCHAR2(5)  NOT NULL, 
     DOB   DATE   , 
     agent_ID  NUMBER    , 
     home_Phone  VARCHAR2(12)  UNIQUE,   
     cell_Phone  VARCHAR2(12)  UNIQUE, 
     profession  VARCHAR2(30)   , 
     employer  VARCHAR2(30)   , 
     referrer  VARCHAR2(30)    
    );

SQL DML

INSERT INTO customer 
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL); 

INSERT INTO customer 
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL); 

SELECT * FROM customer;

來源

2011-04-17 Mike

+0

SQLPlus是您用於命令行訪問Oracle數據庫的應用程序。 – 2011-04-17 02:21:39

+0

是的,SQL DDL和DDL是我爲了設置數據庫而在SQL提示符下實際輸入的內容。我將它包含在內,以防萬一任何人想基於jsp無法正常工作的情況下仔細檢查它們。我得到一個不允許在這裏的列錯誤?所有的列看起來都正確。 。 。我不知道這件事有什麼問題。快把我逼瘋。 – Mike 2011-04-17 02:29:06

回答

5

你是不是插入變量的值。您正在插入變量名稱。

更換

stmt.executeUpdate("INSERT INTO customer 
         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)" 
        + " VALUES 
         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

通過

preparedStatement = connection.prepareStatement("INSERT INTO customer 
         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)" 
        + " VALUES 
         (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); 
preparedStatement.setLong(1, Long.valueOf(custID)); 
preparedStatement.setLong(2, Long.valueOf(saleID)); 
preparedStatement.setString(3, firstName); 
// ... 
preparedStatement.executeUpdate();

請注意,你不應該使用字符串連接+到SQL字符串變量粘合在一起。它將完全開放給SQL injection攻擊。一路使用PreparedStatement

來源

2011-04-17 02:26:26 BalusC

+0

我認爲這樣做;然而,我得到一個「未知的錯誤」。我們的Oracle服務器出現問題。它一整天都在進出。我認爲這就是這個新的「未知錯誤」來自何處。感謝您的幫助和新的PreparedStatement類/類型,我將從現在開始使用:) – Mike 2011-04-17 02:54:42

相關問題

 相關問題