在 Spring JDBC 中更新查询
Update query in Spring JDBC
我正在编写一个使用 spring jdbc 更新记录的简单方法
@Override
public void updateEmployee(Employee e, int id) {
try {
Connection connection = DemoApplicationServiceImpl.getConnection();
Statement statement = connection.createStatement();
String update = "UPDATE salesforce.Employee__c SET First_Name__c = " + e.getFirst() + ", Last_Name__c = "
+ e.getLast() + ", Email__c = " + e.getEmail() + " WHERE Id = " + id;
System.out.println(update);
statement.executeQuery(update);
} catch (Exception ex) {
ex.printStackTrace();
}
}
它给我一个错误
psqlexception column "umair" does not exist
umair 甚至不是数据库中的一列
有人能帮忙吗?
谢谢
您的解决方案可能会导致 SQL 注入或语法错误,请改用 PreparedStatement 它更安全且更有帮助:
String update = "UPDATE salesforce.Employee__c SET First_Name__c = ?, Last_Name__c = ?, Email__c = ? WHERE Id = ? ";
try (PreparedStatement pstm = connection.prepareStatement(update)) {
pstm.setString(1, e.getFirst());
pstm.setString(2, e.getLast());
pstm.setString(3, e.getEmail());
pstm.setInt(4, id);
pstm.executeUpdate();
}
关于您的错误:
你得到那个错误是因为你尝试使用这样的东西:
SET First_Name__c = umair
但是 String 或 varchar 应该在两个引号之间:
SET First_Name__c = 'umair'
//------------------^_____^
试试这个:
String update = "UPDATE salesforce.Employee__c SET First_Name__c = '" + e.getFirst() + "', Last_Name__c = '"
+ e.getLast() + "', Email__c = '" + e.getEmail() + "' WHERE Id = " + id;
将字段与字符串值(以及其他一般值)进行比较时,需要使用引号,例如 FIELD = 'Value'.
但正如其他人所说,最好始终使用 PreparedStatement
https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
我正在编写一个使用 spring jdbc 更新记录的简单方法
@Override
public void updateEmployee(Employee e, int id) {
try {
Connection connection = DemoApplicationServiceImpl.getConnection();
Statement statement = connection.createStatement();
String update = "UPDATE salesforce.Employee__c SET First_Name__c = " + e.getFirst() + ", Last_Name__c = "
+ e.getLast() + ", Email__c = " + e.getEmail() + " WHERE Id = " + id;
System.out.println(update);
statement.executeQuery(update);
} catch (Exception ex) {
ex.printStackTrace();
}
}
它给我一个错误
psqlexception column "umair" does not exist
umair 甚至不是数据库中的一列
有人能帮忙吗?
谢谢
您的解决方案可能会导致 SQL 注入或语法错误,请改用 PreparedStatement 它更安全且更有帮助:
String update = "UPDATE salesforce.Employee__c SET First_Name__c = ?, Last_Name__c = ?, Email__c = ? WHERE Id = ? ";
try (PreparedStatement pstm = connection.prepareStatement(update)) {
pstm.setString(1, e.getFirst());
pstm.setString(2, e.getLast());
pstm.setString(3, e.getEmail());
pstm.setInt(4, id);
pstm.executeUpdate();
}
关于您的错误:
你得到那个错误是因为你尝试使用这样的东西:
SET First_Name__c = umair
但是 String 或 varchar 应该在两个引号之间:
SET First_Name__c = 'umair'
//------------------^_____^
试试这个:
String update = "UPDATE salesforce.Employee__c SET First_Name__c = '" + e.getFirst() + "', Last_Name__c = '"
+ e.getLast() + "', Email__c = '" + e.getEmail() + "' WHERE Id = " + id;
将字段与字符串值(以及其他一般值)进行比较时,需要使用引号,例如 FIELD = 'Value'.
但正如其他人所说,最好始终使用 PreparedStatement https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html