Java MYSQL准备语句错误：检查语法在“？”附近使用在第1行 [英] Java MYSQL Prepared Statement Error: Check syntax to use near '?' at line 1

问题描述

我正在尝试使用java mysql库但是我在使用预准备语句时遇到了问题。我不确定我错过了什么。下面是我在尝试使用预准备语句时遇到的MYSQL错误。

I am trying to use the java mysql library but I am having issues using a prepared statement. I am not sure what I am missing. Below is what I have with the MYSQL error attempting to use the prepared statement.

String query = "SELECT id, clicks FROM mailer.links WHERE campaign_id=?";
    try {

        preparedStatement = connect.prepareStatement(query);
        preparedStatement.setInt(1, campaignId);
        preparedStatement.execute();
        Statement st = connect.createStatement();


        // execute the query, and get a java resultset
        ResultSet rs = st.executeQuery(query);

我收到以下错误：

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: 
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '?' at line 1

如果我执行campaign_id =+ campaignId，它是有效的，但SQL注入是等待发生的。

It works if I do "campaign_id=" + campaignId , but is a SQL injection waiting to happen.

推荐答案

试试这个

ResultSet rs = preparedStatement.executeQuery（）;

这篇关于Java MYSQL准备语句错误：检查语法在“？”附近使用在第1行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！