gpt4 book ai didi

java - 为什么我收到 : [Oracle][ODBC][Ora]ORA-00904: invalid identifier

转载 作者:行者123 更新时间:2023-12-01 06:33:43 27 4
gpt4 key购买 nike

当我清楚地识别了变量时,Oracle 不断给我一个无效标识符错误。

  //get parameters from the request
String custID=request.getParameter("cust_ID");
String saleID=request.getParameter("sale_ID");
String firstName=request.getParameter("first_Name");
String mInitial=request.getParameter("mI");
String lastName=request.getParameter("last_Name");
String streetName=request.getParameter("street");
String city=request.getParameter("city");
String state=request.getParameter("state");
String zipCode=request.getParameter("zip_Code");
String DOB2=request.getParameter("DOB");
String agentID=request.getParameter("agent_ID");
String homePhone=request.getParameter("home_Phone");
String cellPhone=request.getParameter("cell_Phone");
String profession=request.getParameter("profession");
String employer=request.getParameter("employer");
String referrer=request.getParameter("referrer");


query =
"UPDATE customer"
+ " SET customer.cust_ID=custID, customer.sale_ID=saleID, customer.first_Name=firstName, customer.mI=mInitial, customer.last_Name=lastName, customer.street_Name=streetName, customer.city=city, customer.state=state, customer.zip_Code=zipCode,customer. DOB=DOB2, customer.agent_ID=agentID, customer.home_Phone=homePhone, customer.cell_Phone=cellPhone, customer.profession=profession, customer.employer=employer, customer.referrer=referrer"
+ " WHERE customer.cust_ID=custID " ;

preparedStatement = conn.prepareStatement(query);


preparedStatement.executeUpdate();

SQL 表

        CREATE TABLE customer
(cust_ID NUMBER NOT NULL,
sale_ID NUMBER NOT NULL,
first_NameVARCHAR2(30) NOT NULL,
mI VARCHAR2(2) ,
last_Name VARCHAR2(50) NOT NULL,
street_Name VARCHAR2(50) ,
city VARCHAR2(30) NOT NULL,
state VARCHAR2(50) NOT NULL,
zip_Code VARCHAR2(5) NOT NULL,
DOB DATE ,
agent_ID NUMBER ,
home_Phone VARCHAR2(12) UNIQUE,
cell_Phone VARCHAR2(12) UNIQUE,
profession VARCHAR2(30) ,
employer VARCHAR2(30) ,
referrer VARCHAR2(30)
);

最佳答案

您的代码没有按照您的想法进行操作。看看这个:

query =
"UPDATE customer"
+ " SET customer.cust_ID=custID, customer.sale_ID=saleID, customer.first_Name=firstName, customer.mI=mInitial, customer.last_Name=lastName, customer.street_Name=streetName, customer.city=city, customer.state=state, customer.zip_Code=zipCode,customer. DOB=DOB2, customer.agent_ID=agentID, customer.home_Phone=homePhone, customer.cell_Phone=cellPhone, customer.profession=profession, customer.employer=employer, customer.referrer=referrer"
+ " WHERE customer.cust_ID=custID "

此时查询的内容正是将发送到数据库的内容。在将查询发送到数据库之前,JSP 将不会神奇地为您填写custIDsaleID(等等)。因此,Oracle 不知道 custID 是什么(它肯定不是 customer 表中其他列的名称)。因此,您会收到无效标识符错误。

认为你正在尝试这样做:

query =
"UPDATE customer"
+ " SET customer.cust_ID=" + custID + ", customer.sale_ID=" + saleID + ...

就像 duffymo 提到的那样,这会带来严重的 SQL 注入(inject)问题(只需考虑客户端可以提交的值,以便通过 custID 字段劫持您的 SQL)。更好的方法是在 PreparedStatement 上使用参数:

query =
"UPDATE customer"
+ " SET customer.cust_ID=?, customer.sale_ID=? ...";

PreparedStatement statement = conn.prepareStatement(query);
statement.setString(1, custID);
statement.setString(2, saleID);
statement.executeUpdate();

关于java - 为什么我收到 : [Oracle][ODBC][Ora]ORA-00904: invalid identifier,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5694737/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com