try{
stmt=conn.createStatement();
int stdID=Integer.parseInt(id.getText());
String stdName=name.getText();
int stdAge=Integer.parseInt(age.getText());
String stdAddress=address.getText();
String stdEMail=email.getText();
String stdDepartment=(String) department.getSelectedItem();
String stdDesignation= (String) designation.getSelectedItem();
int stdSalary=Integer.parseInt(salary.getText());
String sql="INSERT INTO EMPLOYEE(stdID,stdName,stdAge,stdAddress,stdEMail,stdDepartment,stdDesignation,stdSalary)"
+ " VALUES('"+stdID+"',"+stdName+"','"+stdAge+"','"+stdAddress+"','"+stdEMail+"','"+stdDepartment+"','"+stdDesignation+"','"+stdSalary+"')";
stmt.executeUpdate(sql);
JOptionPane.showMessageDialog(null, "Data is successfully inserted");
}catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
**这是我的项目代码。我在执行代码时出错。它显示:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorExceptionSQL syntex中的错误;查看与您的MariaDB服务器版本为正确的syntex为正确的syntex使用near",'21','aaa','abc@gmail.com','A','经理',11111111'('第1行**
您的插入查询存在问题,例如引用的文字值不正确。这里最好的解决方案是只使用一个预先准备好的语句。
String sql = "INSERT INTO EMPLOYEE (stdID, stdName, stdAge, stdAddress, stdEMail, ";
sql += "stdDepartment, stdDesignation, stdSalary) ";
sql += "VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setInt(1, stdID);
ps.setString(2, stdName);
ps.setInt(3, stdAge);
ps.setString(4, stdAddress);
ps.setString(5, stdEMail);
ps.setString(6, stdDepartment);
ps.setString(7, stdDesignation);
ps.setInt(8, stdSalary);
ps.executeUpdate();
准备好的语句不仅可以防止SQL注入。它们还使您不必担心如何在SQL查询中包含数据。您只需要知道数据的类型,但"如何"部分由语句处理。