problem in inserting the value in the database


Problem description

Hi, I am developing an Android application. I am using a SQL Server 2008 R2 database to store and retrieve the data. Now when I am inserting the value into the database, I am inserting 4 dates into the table.

Here is the query:

// every value, including the four dates, is concatenated into the SQL text
String sql = "INSERT Into Task_Master VALUES ('1'," +
                "" +userId+"," +userId+ ",'N','" +Subject+ "'," +
                "'" + serverdate + "','" + StartDate+ "','" + serverdate + "'," +
                "'"+" "+"'," +
                "'" +" "+ "','0'," +groupId+ ",0,0,1,0,'1/1/1900','','N','" +cal.getTime()+ "','')" +
                " Select Scope_Identity()";

In that query, "Serverdate", StartDate and Cal.getTime() all have the data type Date. And in the database I have used the datetime data type. But it still gives me an exception which says "java.sql.SQLException: Conversion failed when converting date and/or time from character string". Do help me if you know the answer. I searched on Google but haven't got the answer.

Recommended answer

Ok, let's do this.

First, and most important of all, your code is vulnerable to SQL Injection. You should work on that and start using parameters.

Second, by the time you start using parameters, your error will most likely disappear (or reappear somewhere else, this time clearer on what's wrong). That's because, probably, the server "doesn't like" your stringly typed (http://stackoverflow.com/questions/2349378/new-programming-jargon-you-coined/2444303#2444303) date format, so it fails.

Update

About parameterized queries in Java, read here:

  • https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
  • http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html
  • http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html
  • http://www.javaworld.com/javaworld/jw-04-2007/jw-04-jdbc.html
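As an added example (not the answerer's code and not from the original post), the same INSERT rewritten as a JDBC PreparedStatement. The column list and the reduced set of columns are assumptions, since the post's INSERT names no columns; the four dates are bound with setTimestamp so the driver sends typed datetime values instead of Date.toString() text, which is what produced the conversion error.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Date;

public class TaskInsert {
    // Column names are assumed: the post's INSERT has no column list, so the
    // real Task_Master definition is unknown. A '?' replaces every value that
    // was concatenated into the SQL string, including the dates.
    private static final String SQL =
        "INSERT INTO Task_Master (TaskType, CreatedBy, AssignedTo, IsDone, Subject, "
      + "CreatedOn, StartDate, ModifiedOn, GroupId, LastRun) "
      + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?); "
      + "SELECT SCOPE_IDENTITY()";

    public static long insertTask(Connection conn, int userId, String subject,
                                  Date serverDate, Date startDate, int groupId,
                                  Date calTime) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setInt(1, 1);
            ps.setInt(2, userId);
            ps.setInt(3, userId);
            ps.setString(4, "N");
            ps.setString(5, subject);   // user text travels as data, never as SQL
            // java.util.Date -> java.sql.Timestamp: the driver sends a typed
            // datetime parameter, so SQL Server never parses a date string
            ps.setTimestamp(6, new Timestamp(serverDate.getTime()));
            ps.setTimestamp(7, new Timestamp(startDate.getTime()));
            ps.setTimestamp(8, new Timestamp(serverDate.getTime()));
            ps.setInt(9, groupId);
            ps.setTimestamp(10, new Timestamp(calTime.getTime()));
            // Two statements in one batch: the first result is the INSERT's
            // update count, so advance until the SELECT's result set appears.
            boolean isResultSet = ps.execute();
            while (!isResultSet) {
                if (ps.getUpdateCount() == -1) {
                    throw new SQLException("SCOPE_IDENTITY() result set not returned");
                }
                isResultSet = ps.getMoreResults();
            }
            try (ResultSet rs = ps.getResultSet()) {
                rs.next();
                return rs.getLong(1);   // the new Task_Master identity value
            }
        }
    }
}
```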
