【问题标题】:runtime exception in mysqlmysql中的运行时异常
【发布时间】:2014-09-22 08:33:25
【问题描述】:

我有一个如下所示的数据访问对象代码。在注册表中成功插入数据后,我只想提取该特定行的注册表的 CustId。因此,我使用 UserName 列在 readCustomer() 方法中提取特定用户 CustId。程序如下图:

public class RegisterDAO {

    public static int custId;


    private DataSource dataSource;

    public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    Connection conn = null;
    PreparedStatement ps = null;
    ResultSet rs = null;

    public void createCustomer(Register register) {


        String sql = "INSERT INTO signup "
                + "(CustId,FirstName,LastName,Address1,Address2,Country,State,City,ZipCode,UserName,EmailId,ContactNo,MobileNo,Status)VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,'ONHOLD')";

        Connection conn = null;

        try {
            conn = dataSource.createConnection();
            PreparedStatement ps = conn.prepareStatement(sql);
            ps.setInt(1, register.getId());
            ps.setString(2, register.getFirstName());
            ps.setString(3, register.getLastName());
            ps.setString(4, register.getAddress1());
            ps.setString(5, register.getAddress2());
            ps.setString(6, register.getCountry());
            ps.setString(7, register.getState());
            ps.setString(8, register.getCity());
            ps.setInt(9, register.getZipCode());
            ps.setString(10, register.getUserName());
            ps.setString(11, register.getEmailId());
            ps.setString(12, register.getContactNo());
            ps.setString(13, register.getMobileNo());

            ps.executeUpdate();
            ps.close();




        } catch (SQLException e) {
            throw new RuntimeException(e);

        }

        catch (NullPointerException e1){

        }
        finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                }
            }
        }

    }

    public void readCustomer(String username) {

        String sql= "select * from signup where UserName= '" + username + "'";

        Connection conn = null;

        try {

            conn = dataSource.createConnection();
            PreparedStatement ps = conn.prepareStatement(sql);

            ResultSet rs = ps.executeQuery();
            if (rs.next()) {
                custId =rs.getInt("CustId");
                System.out.println(custId);
                 }
        }catch (SQLException e) {
            throw new RuntimeException(e);

        }

        catch (NullPointerException e1){

        }
        finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                }
            }
        }

    }
}

但是这段代码抛出了一个运行时异常:

Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'sindhura' in 'where clause'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:409)
at com.mysql.jdbc.Util.getInstance(Util.java:384)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4232)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4164)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2615)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2776)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2838)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2082)
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:2212)
at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:96)
at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:96)
at com.encryption.DAO.RegisterDAO.readCustomer(RegisterDAO.java:87)
... 23 more

where 子句不接受字符串是我的问题,如果它需要如何解决这个问题? 任何帮助表示赞赏。

下面这句话抛出了一个运行时异常

String sql= "select * from signup where UserName= '" + username + "'";

【问题讨论】:

  • 你能发布上面代码创建的查询吗?注册表的定义是什么?您是否尝试调试您的代码用户名包含的值?
  • 能否提供完整的堆栈跟踪信息?
  • @JavaBeigner 请查看已编辑的问题
  • 您需要显示您在插入和选择时使用的数据。我的猜测是用户名包含撇号。您应该使用 PreparedStatement 而不是连接字符串。更好的是:使用 getGeneratedKeys 功能在插入后获取 id。
  • 您已经在为插入使用准备好的语句,您应该对选择执行相同的操作。它可以防止 SQL 注入,因此是一种最佳实践(而将字符串连接到查询中是不好)。

标签: java mysql sql jdbc


【解决方案1】:

请按照已经向您建议的那样使用准备好的语句和 pr.setString(...)。这是正确使用的 readCustomer(...) 方法:

public void readCustomer(String username) {

        String sql= "select * from signup where UserName = ?";

        Connection conn = null;

        try {

            conn = dataSource.createConnection();
            PreparedStatement ps = conn.prepareStatement(sql);
            ps.setString(1, username);


            ResultSet rs = ps.executeQuery();
            if (rs.next()) {
                custId =rs.getInt("CustId");
                System.out.println(custId);
                 }
        }catch (SQLException e) {
            throw new RuntimeException(e);

        }

        catch (NullPointerException e1){

        }
        finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                }
            }
        }

    }

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-08-03
    • 2014-02-26
    • 2013-04-06
    • 2014-01-14
    • 2017-02-04
    相关资源
    最近更新 更多