错误我用Java语言(Netbeans的)SQL
问题描述:
private void btnSaveActionPerformed(java.awt.event.ActionEvent evt) {
// TODO add your handling code here:
try {
con = Connect.ConnectDB();
if (PatientID.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please retrieve Patient ID", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtNoOfDays.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter no. of days", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtServiceCharges.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please retrieve service charges", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtBillingDate.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter billing date", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
if (txtTotalPaid.getText().equals("")) {
JOptionPane.showMessageDialog(this, "Please enter total paid", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
double add1 = Double.parseDouble(txtRoomCharges.getText());
double add = Double.parseDouble(txtNoOfDays.getText());
double add2 = add * add1;
txtTotalRoomCharges.setText(String.valueOf(add2));
double add3 = Double.parseDouble(txtServiceCharges.getText());
double add5 = ((add * add1) + add3);
txtTotalCharges.setText(String.valueOf(add5));
double paid = Double.parseDouble(txtTotalPaid.getText());
txtTotalPaid.setText(String.valueOf(paid));
if (add5 > paid) {
double datadue = add5 - paid;
txtDueCharges.setText(String.valueOf(datadue));
}
//double add1 = Double.parseDouble(txtTotalCharges.getText());
//double add2 = Double.parseDouble(txtTotalPaid.getText());
Statement stmt;
stmt = con.createStatement();
String sql1 = "Select DischargeID from bill_room where DischargeID= " + txtDischargeID.getText() + "";
rs = stmt.executeQuery(sql1);
if (rs.next()) {
JOptionPane.showMessageDialog(this, "Record already exists", "Error", JOptionPane.ERROR_MESSAGE);
return;
}
String sql = "insert into bill_room(DischargeID,BillingDate,RoomCharges,ServiceCharges,PaymentMode,PaymentModeDetails,ChargesPaid,DueCharges,TotalCharges,NoOfDays,TotalRoomCharges) values(" + txtDischargeID.getText() + ",'" + txtBillingDate.getText() + "'," + txtRoomCharges.getText() + "," + txtServiceCharges.getText() + ",'" + cmbPaymentMode.getSelectedItem() + "','" + txtPaymentModeDetails.getText() + "'," + txtTotalPaid.getText() + "," + txtDueCharges.getText() + "," + txtTotalCharges.getText() + "," + txtNoOfDays.getText() + "," + txtTotalRoomCharges.getText() + ")";
pst = con.prepareStatement(sql);
pst.execute();
JOptionPane.showMessageDialog(this, "Successfully saved", "Record", JOptionPane.INFORMATION_MESSAGE);
btnSave.setEnabled(false);
} catch (HeadlessException | SQLException ex) {
JOptionPane.showMessageDialog(this, ex);
}
我有这样的代码,当执行运行(有时顺利,有时会出错) 当错误发生:
com.mysql.jdbc.exceptions.jbdc4.MySQLSyntaxErrorException”你的SQL语法有错误 ;检查对应于您 MariaDB的服务器版本附近使用权sysntax手册'110800.0,9,10800.0);在1号线
当明确
运行什么是不完全正确吗? 我需要你的帮助或建议
答
你已经在使用PreparedStatement的,为什么你不正确地使用它,所以要避免语法错误和SQL注入,您可以使用:
String sql = "insert into bill_room(DischargeID, BillingDate, "
+ "RoomCharges, ServiceCharges, PaymentMode, PaymentModeDetails, "
+ "ChargesPaid, DueCharges, TotalCharges, NoOfDays, TotalRoomCharges) "
+ "values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
try (PreparedStatement insert = connection.prepareStatement(sql)) {
insert.setInt(1, txtDischargeID.getText());
insert.setString(2, txtBillingDate.getText());
//...Set the the right type if int use setInt if string use setString ...
insert.setDouble(11, Double.parseDouble(txtTotalRoomCharges.getText()));
insert.executeUpdate();
}
同样的事情选择。
+0
Thankyou。 :)我有解决方案。 Thankyou –
+0
欢迎您@DICKYIBROHIM –
使用'PreparedStatement's不仅将解决这个错误,而且由于错误消息告诉您从SQL注入攻击 – Mureinik
保护你,你的SQL语法被打破。您在运行时基于输入动态构建SQL(顺便说一下,它对SQL注入攻击广泛开放),所以我们不知道您实际执行的是哪个SQL代码。在调试时,实际的SQL代码是什么? – David