【问题标题】:Exception com.mysql.jdbc.exceptions.MySQLSyntaxErrorException异常 com.mysql.jdbc.exceptions.MySQLSyntaxErrorException
【发布时间】:2017-03-17 07:58:52
【问题描述】:

我试图向我的数据库添加一些数据,但出现错误:com.mysql.jdbc.exceptions.MySQLSyntaxErrorException。

代码如下:

Main.java 中的 AddToDatabase 方法

public static void addToDatabaze(String name ,String address, String city, String phone, String email, String dateOfBirth, String age, String martialStatus, String gender, String id, String mainDepartment, String department, String training) throws ClassNotFoundException, SQLException
{
    //Databaza
    Class.forName("com.mysql.jdbc.Driver");
    String url="jdbc:mysql://***.*.*.*:****/employ";
    String uname="*****";
    String pass="***********";
    connect = DriverManager.getConnection(url,uname,pass);
    Statement statement;
    String query = "INSERT INTO employeetable (name,address,city,phone,email,dateofbirth,age,martialstatus,gender,id,maindepartment,department,training)values(" + name + "," + address + "," + city + "," + phone + "," + email + "," + dateOfBirth + "," + age + "," + martialStatus + "," + gender + "," + id + "," + mainDepartment + "," + department + "," + training + ")";
    statement = connect.createStatement();
    statement.execute(query);
}

AddNewEmployeeController.java

    private Main main;
    @FXML
    private TextField nameField;
    @FXML
    private TextField addressField;
    @FXML
    private TextField cityField;
    @FXML
    private TextField phoneField;
    @FXML
    private TextField emailField;

    @FXML
    private DatePicker dateOfBirth;
    @FXML
    private TextField ageField;
    @FXML
    private ChoiceBox martialStatusBox;

    @FXML
    private RadioButton maleButton;
    @FXML
    private RadioButton femaleButton;


    @FXML
    private TextField idField;
    @FXML
    private ComboBox mainDepartmentBox;
    @FXML
    private ComboBox departmentBox;
    @FXML
    private CheckBox yesBox;
    @FXML
    private CheckBox noBox;

@FXML
    private void addButton() throws ClassNotFoundException, SQLException
    {
        if(yesBox.isSelected())
            {
                main.addToDatabaze(nameField.getText(),addressField.getText(),cityField.getText(),phoneField.getText(),emailField.getText(),dateOfBirth.getValue().toString(),ageField.getText(),martialStatusBox.getSelectionModel().getSelectedItem().toString(),"Male",idField.getText(),mainDepartmentBox.getSelectionModel().getSelectedItem().toString(),departmentBox.getSelectionModel().getSelectedItem().toString(),"Yes");
                closeBtn();
            }
    }

输出:

Caused by: com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Years,Single,Male,1404996,Electrical,Design,Yes)' at line 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2985)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1631)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1723)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3277)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3206)
at com.mysql.jdbc.Statement.execute(Statement.java:727)
at employee.Main.addToDatabaze(Main.java:58)
at employee.view.AddNewEmployeeController.addButton(AddNewEmployeeController.java:164)
... 118 more

附言Main:java:58 是这一行:

statement.execute(query);

AddNewEmployeeController.java:164 是这一行:

main.addToDatabaze(nameField.getText(),addressField.getText(),cityField.getText(),phoneField.getText(),emailField.getText(),dateOfBirth.getValue().toString(),ageField.getText(),martialStatusBox.getSelectionModel().getSelectedItem().toString(),"Male",idField.getText(),mainDepartmentBox.getSelectionModel().getSelectedItem().toString(),departmentBox.getSelectionModel().getSelectedItem().toString(),"Yes");

年,单身,男,1404996,电气,设计,是: 当我尝试将数据添加到:TextField ageField,ChoiceBox 武力状态框,“男性”,idField,组合框 mainDepartmentBox,组合框部门框,“是”。

【问题讨论】:

  • 请学习如何使用准备好的语句;见this tutorial。您当前正在将值连接到查询中,这不仅危险,而且您甚至没有尝试正确执行此操作。然而,切换到准备好的语句要好得多(也更容易)。另见stackoverflow.com/questions/3271249/…
  • @Mark Rotteveel 谢谢,我现在试试。
  • 试试... training) values (" + name ...而不是... training)values(" + name ...
  • @JanezKuhar 这不会解决这个问题,而且在很多 SQL 方言中,括号和关键字之间没有空格实际上是完全有效的。
  • 打印出变量age。看起来您正在插入Years,查看堆栈跟踪。 @MarkRotteveel 你是对的。

标签: java mysql jdbc syntax-error


【解决方案1】:

你需要使用prepared statements:

try (PreparedStatement statement = connection.prepareStatement(
        "INSERT INTO employeetable (name,address,city,phone,email,dateofbirth,age,martialstatus,gender,id,maindepartment,department,training)" + 
        " values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
    statement.setString(1, name);
    statement.setString(2, address);
    // ... etc for the other fields

    statement.executeUpdate();
}

您的原始代码的问题是您忘记在字符串值周围添加引号。天真的解决方案是使用

"...('" + name + "','" + address + "'..."

但这仍然很糟糕,因为猜猜如果 name 的值是 O'Reilly 会发生什么。这就是所谓的 SQL 注入,它是最大的安全问题之一,即使使用如上所示的预准备语句很容易避免。

【讨论】:

    猜你喜欢
    • 2012-07-19
    • 2013-06-14
    • 2017-10-03
    • 1970-01-01
    • 2016-09-11
    • 2021-12-05
    • 2012-06-17
    • 1970-01-01
    相关资源
    最近更新 更多