gpt4 book ai didi

What's the mistake in this JDBC program(此JDBC程序中的错误是什么)

转载 作者:bug小助手 更新时间:2023-10-28 13:32:42 25 4
gpt4 key购买 nike



package jdbc;

import java.sql.*;
import java.util.Scanner;

public class Table {

public static void main(String[] args) {
String name;
int age;
Scanner sc = new Scanner(System.in);
System.out.println("Enter name and age: ");
name = sc.nextLine();
age = sc.nextInt();
try{
Connection con = DriverManager.getConnection("jdbc:mysql:" +
"//localhost/demo","root","");
Statement st = con.createStatement();
//SQL Query to insert user input
String sql = "insert into tab values(3,"+name+","+age+");";
//Execute INSERT
st.executeUpdate(sql);
//Dislplay table "tab"
ResultSet rs = st.executeQuery("select * from tab");
while(rs.next()){
System.out.println(rs.getInt(1) + " " + rs.getString(2)"+
" " " + rs.getInt(3));
}
} catch(Exception e){
e.printStackTrace();
}
}
}

OUTPUT:


Enter name and age: 
arpit //user input
18 //user input
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'arpit' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:400)
at com.mysql.jdbc.Util.getInstance(Util.java:383)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:980)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3847)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3783)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2447)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2594)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2541)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1604)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1535)
at jdbc.Table.main(Table.java:20)

更多回答

You have SQL-injection vulnerability. Use PreparedStatement to fix it, it will also fix your current problem.

您有SQL注入漏洞。使用PreparedStatement来修复它,它也会修复您当前的问题。

the resulting SQL statement you created is like insert into tab values(3, arpit, 18) - since it is missing quotes around arpit, that is interpreted as a column name. Using single concatenation, as done here, can be a security problem, see Bobby Tables or search "SQL injection"

您创建的SQL语句结果类似于insert into tab values(3,arpit,18)-因为它缺少arpit周围的引号,这被解释为列名。使用单一的串联,如这里所做的,可能是一个安全问题,请参阅鲍比表或搜索“SQL注入”

优秀答案推荐

Invalid value entered. Use PreparedStatement to set the values in the query. Use column names in the sql which values should be inserted. The primary key is auto generated by default in MySQL, so you don't need to use it. At the end you also don't need to specify the ;. When statement is executed it automatically adds the closing character.

输入的值无效。使用PreparedStatement设置查询中的值。在应该插入哪些值的SQL中使用列名。MySQL默认自动生成主键,无需使用。最后,您也不需要指定;。当执行语句时,它会自动添加结束字符。


//SQL Query to insert user input
String sql = "insert into tab(name, age) values(?,?)";
Statement st = con.prepareStatement(sql);

st.setString(1, name);
st.setInt(2, age);

//Execute INSERT
st.executeUpdate();

更多回答

If this answer helped you then you should mark it as accepted. The checkbox I'd on the left of the answer. Also it's worth to vote up the answer that helped you the same to help others to choose the correct answer.

如果这个答案对您有帮助,那么您应该将其标记为已接受。我在答案左边的那个复选框。此外,投票支持同样帮助你的答案也是值得的,以帮助其他人选择正确的答案。

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com