SQLException:executeQuery 方法不能用于更新 [英] SQLException: executeQuery method can not be used for update

问题描述

我正在尝试使用 java servlet 类将从注册表单中获取的用户信息插入到 Derby DB 中.

I am trying to insert user information taken from a registration form into Derby DB using a java servlet class.

在用户单击提交按钮并填写用户信息后，我立即连接到 NetBeans 上的数据库.然后它应该运行这个方法:

I get connected to the DB on NetBeans right after the user clicks the submit button with the user's information filled out. Then it should run this method:

public void insertNewUser(String userName, String passWord, String lastName, String firstName, String age, char sex, String email) {
    try {
        stmt = conn.createStatement();
        String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES ('" + userName + "', '" + passWord + "', '" + lastName + "', '" + firstName + "', " + age + ", '" + sex + "', '" + email + "')";
        System.out.println(insertNewUserSQL);
        stmt.executeQuery(insertNewUserSQL);
        stmt.close();
    } catch(SQLException sqlExcept) {
        sqlExcept.printStackTrace();
    }
}

但我不断收到以下异常:

But I keep getting the following exception:

java.sql.SQLException: executeQuery method can not be used for update.

这到底是什么意思?

SQL 命令是正确的，因为我可以在 NetBeans SQL 命令窗口上手动执行.

The SQL command is correct as I can do it manually on NetBeans SQL Command window.

对 servlet 是否有限制或我不知道的东西?

Are there restrictions for servlets or something I don't know about?

提前致谢！

推荐答案

既然你在插入一条记录，你应该使用 executeUpdate() 而不是 executeQuery().

Since you are inserting a record, you should be using executeUpdate() not executeQuery().

以下是一些经常被误用的方法:

Here are some methods that are usually misused:

布尔值执行()

执行这个PreparedStatement对象中的SQL语句，可能可以是任何类型的 SQL 语句.

Executes the SQL statement in this PreparedStatement object, which may be any kind of SQL statement.

结果集执行查询()

在这个 PreparedStatement 对象中执行 SQL 查询并返回查询生成的 ResultSet 对象.

Executes the SQL query in this PreparedStatement object and returns the ResultSet object generated by the query.

int executeUpdate()

执行这个PreparedStatement对象中的SQL语句，它必须是 SQL INSERT、UPDATE 或 DELETE 语句；或 SQL 语句不返回任何内容，例如 DDL 语句.

Executes the SQL statement in this PreparedStatement object, which must be an SQL INSERT, UPDATE or DELETE statement; or an SQL statement that returns nothing, such as a DDL statement.

<小时>

还有一点，您的查询很弱，因为它容易受到SQL 注入 的攻击.请使用 PreparedStatement 进行参数化.

---

One more thing, your query is weak as it is vulnerable with SQL Injection. Please do parameterized by using PreparedStatement.

示例代码片段:

String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES (?, ?, ?, ?, ?, ?, ?)";
PreparedStatement pstmt = con.prepareStatement(insertNewUserSQL);
pstmt.setString(1, userName);
// ... repeat this step until the last parameter ....
pstmt.setString(7, email);
pstmt.executeUpdate();

• Java PreparedStatement

这篇关于SQLException:executeQuery 方法不能用于更新的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！