点击下面的这一行时,我得到的sql命令没有正确结束。
stmt = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
String updateQ = "update ANI_999 set First_Name = '"+d.getName()+"', HouseNo = '"+d.getAddr1()+"', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='"+currentFile+"' where CALLER_ID = '"+msisdn+"' ";
int result = stmt.executeUpdate(updateQ);
conn.commit();
conn.close();`
我一直收到ORA-00933:SQL命令未正确结束。
这是updateQ语句的样子:
update ANI_999 set First_Name = 'ZAHARAH BINTI ABDUL RAHMAN', HouseNo = 'No. JKR6357,', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='ICAREP_ANI_SVCPROF_20120402_002.DAT' where CALLER_ID = '058011726'
这是完整的功能:- 请参考此符号"<<"
public void updateRecord(icData d, String msisdn) {
Connection conn = null;
Statement stmt = null;
int recCtr = 0;
try {
conn = ds.getConnection();
stmt = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
String updateQ = "update ANI_999 set First_Name = '"+d.getName()+"', HouseNo = '"+d.getAddr1()+"', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='"+currentFile+"' where CALLER_ID = '"+msisdn+"' ";
int result = stmt.executeUpdate(updateQ);
conn.commit();
conn.close();
}
catch(SQLException ex) {
logger.error("iCARE:Error : " + ex.getMessage()); <<this line show me that error>>
}
finally {
try {if (stmt != null) stmt.close();} catch (SQLException e) {}
try {if (conn != null) conn.close();} catch (SQLException e) {}
}
}
你应该使用 PreparedStatement:
String updateQ = "update ANI_999 set First_Name = ?, HouseNo = ?, " +
"Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, " +
"Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, " +
"Indicator_Sourcefile_iCARE1=? where CALLER_ID = ? ";
PreparedStatement prep = conn.prepareStatement(updateQ,
ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
prep.setString(1, ...);
prep.setString(2, ...);
prep.setString(3, ...);
int result = prep.executeUpdate(updateQ);
错误: ORA-00933: SQL 命令未正确结束。
原因:您尝试执行包含不适当子句的 SQL 语句。
您不应该只是捕获错误消息,而应该在 catch 块中捕获堆栈跟踪。这为您提供了具有根本原因的语句执行的行号。
改变
logger.error("iCARE:Error : " + ex.getMessage()); // <<this line show me that error>>
自
ex.printStackTrace(); // <<this line show me that error>>
或者,您可以尝试以下代码更改,看看它是否适合您。
您的更新语句输入可能会有一些未转义的字符,从而导致错误。将Statement对象更改为PreparedStatement,并查看它是否已解决。
try {
...
String updateQ = "update ANI_999"
+ " set First_Name = ?, HouseNo = ?,"
+ " Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2,"
+ " Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1,"
+ " Indicator_Sourcefile_iCARE1=?"
+ " where CALLER_ID = ?";
PreparedStatement pstmt = conn
.createStatement( updateQ, ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY );
pstmt.setString( 1, d.getName() );
pstmt.setString( 2, d.getAddr1() );
pstmt.setString( 3, currentFile );
pstmt.setString( 4, msisdn );
// print what the query actually holds. Not sure if all drivers support this.
System.out.println( "DEBUG: query: " + pstmt.toString() );
int result = pstmt.executeUpdate( updateQ );
System.out.println( "DEBUG: Update Result: " + result );
...
} catch ( Exception ex ) {
// logger.error( ...
ex.printStackTrace(); // keep this until debugged
}
...
如果您
将变量字符串插入命令字符串中,则可以获得ORA-00933,例如
string inputName = "Rose";
string sqlCmd = "SELECT * FROM mytable WHERE brand_name = '" + inputName +"'";
以上工作正常 - 但如果:
string inputName = "Rose's";
生成的 SQL 为 SELECT * FROM mytable WHERE brand_name = 'Rose's'抛出 ORA-00933,所以请记住转义您的单引号!
如果您使用的是LIKE子句,那么您可能不得不开始考虑转义%。人们建议使用预准备语句的原因之一是,您不必担心逃避这些事情。