SQL查询在工作台中工作，但在Java中给出语法错误 [英] SQL Query works in workbench but gives syntax error in java

问题描述

我在sql Workbench和java的executeUpdate()方法中都运行了查询:

I ran the query in both sql Workbench and in the executeUpdate() method in java:

在工作台中:

INSERT INTO recentsearches (name) VALUES ("blah");

在Java中:

statement.executeUpdate("INSERT INTO recentsearches (name) VALUES (\""+name+"\""));

假设名称="blah".但是我在Java中运行查询时遇到语法错误，我已经检查了字符串值的名称.它肯定是"blah"，我并没有忘记字符串值周围的语音标记，但是我仍然遇到语法错误.

Assuming name = "blah". But I get a syntax error from running the query in java, I've already checked the string value for name. It definitely comes up as "blah", and I didn't forget the speech marks around string values, yet I still get a syntax error.

我在控制台中收到的错误是:

The error I get in my console is:

查看与您的MySQL服务器版本相对应的手册， 在第1行的''附近使用正确的语法

check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

推荐答案

尝试使用:

"INSERT INTO recentsearches (name) VALUES("+name+")"; 

我的建议，请使用PreparedStatement，因为它具有:

My advice, use PreparedStatement because it has:

-SQL语句的预编译和数据库侧缓存可提高整体执行速度，并能够批量重用同一条SQL语句.

-Precompilation and DB-side caching of the SQL statement leads to overall faster execution and the ability to reuse the same SQL statement in batches.

-通过对引号和其他特殊字符进行内置转义来自动防止SQL注入攻击.请注意，这要求您使用任何PreparedStatement setXxx()方法来设置值

-Automatic prevention of SQL injection attacks by builtin escaping of quotes and other special characters. Note that this requires that you use any of the PreparedStatement setXxx() methods to set the values

这篇关于SQL查询在工作台中工作，但在Java中给出语法错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！