HSQL 数据库用户缺少权限或找不到对象错误尝试将数据插入数据库
HSQL database user lacks privilege or object not found error try insert data into database
我尝试从文本文件中读取数据然后插入数据库,但一直出错。
下面是我正在写的代码
Class.forName("org.hsqldb.jdbcDriver");
connection = DriverManager.getConnection("jdbc:hsqldb:TestDB", "sa", "123");
connection.prepareStatement("drop table people if exists;").execute();
connection.prepareStatement("create table people (id integer, name varchar(20) not null, picture varchar(20), detail varchar(40), gender varchar(5), age integer, state varchar(5), primary key(id));").execute();
String fileName = "/Users/da/Desktop/AP Assignment 2/people.txt";
BufferedReader br = new BufferedReader(new FileReader(fileName));
while (strLine != null) {
String data[] = null;
strLine = br.readLine();
data = strLine.split(",");
int id = Integer.parseInt(data[0]);
String name = data[1];
String picture = data[2];
String detail = data[3];
String gender = data[4];
int age = Integer.parseInt(data[5]);
System.out.println(age);
String state = data[6];
String sql = "insert into people(id, name, picture, detail, gender, age, state) values (" + id + "," + name + ", " + picture + ", " + detail + ", " + gender + ", " + age + ", " + state + ")";
connection.prepareStatement(sql).execute();
connection.commit();
}
br.close();
通过尝试将数据值嵌入到您的 SQL 字符串中,您已经创建了一个 SQL 注入 问题。例如,代码
int id = 1;
String name = "gord";
String sql = "INSERT INTO people (id, name) VALUES (" + id + ", " + name + ")";
System.out.println(sql);
打印
INSERT INTO people (id, name) VALUES (1, gord)
当我们尝试执行该语句时,查询解析器将 1 识别为整数文字,但它会将 gord 解释为列名,因此我们将得到 "user lacks privilege or object not found" 错误.
解决方案是使用 参数化查询,如下所示:
int id = 1;
String name = "gord";
String sql = "INSERT INTO people (id, name) VALUES (?, ?)";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1, id);
ps.setString(2, name);
ps.executeUpdate();
我尝试从文本文件中读取数据然后插入数据库,但一直出错。
下面是我正在写的代码
Class.forName("org.hsqldb.jdbcDriver");
connection = DriverManager.getConnection("jdbc:hsqldb:TestDB", "sa", "123");
connection.prepareStatement("drop table people if exists;").execute();
connection.prepareStatement("create table people (id integer, name varchar(20) not null, picture varchar(20), detail varchar(40), gender varchar(5), age integer, state varchar(5), primary key(id));").execute();
String fileName = "/Users/da/Desktop/AP Assignment 2/people.txt";
BufferedReader br = new BufferedReader(new FileReader(fileName));
while (strLine != null) {
String data[] = null;
strLine = br.readLine();
data = strLine.split(",");
int id = Integer.parseInt(data[0]);
String name = data[1];
String picture = data[2];
String detail = data[3];
String gender = data[4];
int age = Integer.parseInt(data[5]);
System.out.println(age);
String state = data[6];
String sql = "insert into people(id, name, picture, detail, gender, age, state) values (" + id + "," + name + ", " + picture + ", " + detail + ", " + gender + ", " + age + ", " + state + ")";
connection.prepareStatement(sql).execute();
connection.commit();
}
br.close();
通过尝试将数据值嵌入到您的 SQL 字符串中,您已经创建了一个 SQL 注入 问题。例如,代码
int id = 1;
String name = "gord";
String sql = "INSERT INTO people (id, name) VALUES (" + id + ", " + name + ")";
System.out.println(sql);
打印
INSERT INTO people (id, name) VALUES (1, gord)
当我们尝试执行该语句时,查询解析器将 1 识别为整数文字,但它会将 gord 解释为列名,因此我们将得到 "user lacks privilege or object not found" 错误.
解决方案是使用 参数化查询,如下所示:
int id = 1;
String name = "gord";
String sql = "INSERT INTO people (id, name) VALUES (?, ?)";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1, id);
ps.setString(2, name);
ps.executeUpdate();