I had tried several times using prepared statements but it returns SQL exception. here is my code:
我曾多次尝试使用预处理语句,但它返回SQL异常。这是我的代码:
public ArrayList<String> name(String mobile, String password) {
ArrayList<String> getdata = new ArrayList<String>();
PreparedStatement stmt = null;
try {
String login = "select mobile, password from tbl_1 join tbl_2 on tbl_1.fk_id=2.Pk_ID where mobile=? and password=?";
String data = "select * from tbl_2 where password='" + password + "'";
PreparedStatement preparedStatement = conn.prepareStatement(login);
preparedStatement.setString(1, mobile);
preparedStatement.setString(1, password);
ResultSet rs = preparedStatement.executeQuery(login);
Statement stmts = (Statement) conn.createStatement();
if (rs.next()) {
System.out.println("Db inside RS");
ResultSet data = stmts.executeQuery(data);
while (data.next()) { /* looping through the resultset */
getdata.add(data.getString("name"));
getdata.add(data.getString("place"));
getdata.add(data.getString("age"));
getdata.add(data.getString("job"));
}
}
} catch (Exception e) {
System.out.println(e);
}
return getdata;
}
While running this, I got the following SQL exception:
运行此时,我得到以下SQL异常:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? and password=?' at line 1.
Any suggestion to make this work? any piece of code is appreciated.
有什么建议使这项工作?任何一段代码都表示赞赏。
2 个解决方案
#1
20
You need to use:
你需要使用:
preparedStatement.executeQuery();
instead of
代替
preparedStatement.executeQuery(login);
when you pass in a string to executeQuery() that query is executed literally and thus the ? is send to the database which then creates the error. By passing query string you are not execution the "cached" prepared statement for which you passed the values.
当你传入一个字符串executeQuery()时,该字符串执行查询,因此?发送到数据库然后创建错误。通过传递查询字符串,您不会执行为其传递值的“缓存”预准备语句。
#2
0
For both parameter you use preparedStatement.setString(1, ..); so the first parameter is set two times. but you never set the value for second parameter.
对于这两个参数,您可以使用preparedStatement.setString(1,..);所以第一个参数设置了两次。但是你永远不会为第二个参数设置值。
so change
所以改变
preparedStatement.setString(1, mobile);
preparedStatement.setString(1, password);
to
至
preparedStatement.setString(1, mobile);
preparedStatement.setString(2, password);
#1
20
You need to use:
你需要使用:
preparedStatement.executeQuery();
instead of
代替
preparedStatement.executeQuery(login);
when you pass in a string to executeQuery() that query is executed literally and thus the ? is send to the database which then creates the error. By passing query string you are not execution the "cached" prepared statement for which you passed the values.
当你传入一个字符串executeQuery()时,该字符串执行查询,因此?发送到数据库然后创建错误。通过传递查询字符串,您不会执行为其传递值的“缓存”预准备语句。
#2
0
For both parameter you use preparedStatement.setString(1, ..); so the first parameter is set two times. but you never set the value for second parameter.
对于这两个参数,您可以使用preparedStatement.setString(1,..);所以第一个参数设置了两次。但是你永远不会为第二个参数设置值。
so change
所以改变
preparedStatement.setString(1, mobile);
preparedStatement.setString(1, password);
to
至
preparedStatement.setString(1, mobile);
preparedStatement.setString(2, password);