好的,那么我的SQL*Plus语句有什么问题?据我所知,一切正常吧?
//get parameters from the request
String custID=request.getParameter("cust_ID");
String saleID=request.getParameter("sale_ID");
String firstName=request.getParameter("first_Name");
String mInitial=request.getParameter("mI");
String lastName=request.getParameter("last_Name");
String streetName=request.getParameter("street");
String city=request.getParameter("city");
String state=request.getParameter("state");
String zipCode=request.getParameter("zip_Code");
String DOB=request.getParameter("DOB");
String agentID=request.getParameter("agent_ID");
String homePhone=request.getParameter("home_Phone");
String cellPhone=request.getParameter("cell_Phone");
String profession=request.getParameter("profession");
String employer=request.getParameter("emoployer");
String referrer=request.getParameter("referrer");
stmt.executeUpdate("INSERT INTO customer
(cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
+ " VALUES
(custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");
CREATE TABLE customer
(cust_ID NUMBER NOT NULL,
sale_ID NUMBER NOT NULL,
first_Name VARCHAR2(30) NOT NULL,
mI VARCHAR2(2) ,
last_Name VARCHAR2(50) NOT NULL,
street_Name VARCHAR2(50) NOT NULL,
city VARCHAR2(30) NOT NULL,
state VARCHAR2(2) NOT NULL,
zip_Code VARCHAR2(5) NOT NULL,
DOB DATE ,
agent_ID NUMBER ,
home_Phone VARCHAR2(12) UNIQUE,
cell_Phone VARCHAR2(12) UNIQUE,
profession VARCHAR2(30) ,
employer VARCHAR2(30) ,
referrer VARCHAR2(30)
);
INSERT INTO customer
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);
INSERT INTO customer
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);
SELECT * FROM customer;
没有插入变量的值。您正在插入变量名。
代替stmt.executeUpdate("INSERT INTO customer
(cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
+ " VALUES
(custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");
preparedStatement = connection.prepareStatement("INSERT INTO customer
(cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
+ " VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
preparedStatement.setLong(1, Long.valueOf(custID));
preparedStatement.setLong(2, Long.valueOf(saleID));
preparedStatement.setString(3, firstName);
// ...
preparedStatement.executeUpdate();
请注意,您不应该使用字符串连接+将SQL字符串中的变量粘合在一起。这对SQL注入攻击是完全开放的。始终使用PreparedStatement