【发布时间】:2017-09-26 18:45:18
【问题描述】:
我尝试在 hsqldb 中插入一个字符串,但它给了我这个错误:
> java.sql.SQLSyntaxErrorException: user lacks privilege or object not
found: S
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCStatement.fetchResult(Unknown Source)
at org.hsqldb.jdbc.JDBCStatement.executeUpdate(Unknown Source)
该列设置为VARCHAR(50),sqlstring 是这样构建的:
String sql = "INSERT INTO Emergency Values(" + Counter.emergencyID + ","+
emergency.status +"," + "\""+ emergency.typeD +"\"" + "," + "\""+
emergency.typeB +"\"" + ","+ emergency.floorID + ")";
这是我执行查询的方式:
Statement st = null;
st = con.createStatement(); // statements
int i = st.executeUpdate(sql); // run the query
PS:我知道我对这样的 sqlInjection 持开放态度。
编辑:值是
sql = "INSERT INTO Emergency Values(0,1,"S","IB",1)"
如果我将字符串更改为 ;
String sql = "INSERT INTO Emergency Values(" + Counter.emergencyID + ","+
emergency.status +","+ emergency.typeD +","+ emergency.typeB +","+
emergency.floorID +")";
同样的错误发生
【问题讨论】:
-
所以,您不会认为
emergency字段的内容可能与手头的问题有任何相关性,是吗? -
而且你不认为当错误发生时向我们展示
sql字符串的实际内容有任何意义,对吧?