SQLException：executeQuery方法不能用于更新 [英] SQLException: executeQuery method can not be used for update

问题描述

我正在尝试使用java servlet类将从注册表单中获取的用户信息插入到Derby DB中。

I am trying to insert user information taken from a registration form into Derby DB using a java servlet class.

我在NetBeans之后立即连接到NetBeans上的数据库用户单击提交按钮并填写用户的信息。然后它应该运行此方法：

I get connected to the DB on NetBeans right after the user clicks the submit button with the user's information filled out. Then it should run this method:

public void insertNewUser(String userName, String passWord, String lastName, String firstName, String age, char sex, String email) {
    try {
        stmt = conn.createStatement();
        String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES ('" + userName + "', '" + passWord + "', '" + lastName + "', '" + firstName + "', " + age + ", '" + sex + "', '" + email + "')";
        System.out.println(insertNewUserSQL);
        stmt.executeQuery(insertNewUserSQL);
        stmt.close();
    } catch(SQLException sqlExcept) {
        sqlExcept.printStackTrace();
    }
}

但我一直收到以下异常：

But I keep getting the following exception:

java.sql.SQLException: executeQuery method can not be used for update.

这究竟是什么意思？

SQL命令是正确的，因为我可以在NetBeans SQL命令窗口上手动执行。

The SQL command is correct as I can do it manually on NetBeans SQL Command window.

servlet或我不知道的内容是否有限制？

Are there restrictions for servlets or something I don't know about?

提前致谢！

推荐答案

由于您要插入记录，因此您应该使用 executeUpdate（）不是 executeQuery（）。

Since you are inserting a record, you should be using executeUpdate() not executeQuery().

以下是一些通常被滥用的方法：

Here are some methods that are usually misused:

boolean execute（）

boolean execute()

执行此处的SQL语句PreparedStatement对象，可以
为任何类型的SQL语句。

Executes the SQL statement in this PreparedStatement object, which may be any kind of SQL statement.

ResultSet executeQuery（）

ResultSet executeQuery()

在此PreparedStatement对象中执行SQL查询，并返回
查询生成的ResultSet对象。

Executes the SQL query in this PreparedStatement object and returns the ResultSet object generated by the query.

int executeUpdate（）

在此PreparedStatement中执行SQL语句对象，
必须是SQL INSERT，UPDATE或DE LETE声明;或者一个不返回任何内容的SQL语句
，例如DDL语句。

Executes the SQL statement in this PreparedStatement object, which must be an SQL INSERT, UPDATE or DELETE statement; or an SQL statement that returns nothing, such as a DDL statement.

---

还有一件事，你的查询很弱，因为它很容易受到 SQL Injection 的攻击。请使用 PreparedStatement 进行参数化。

---

One more thing, your query is weak as it is vulnerable with SQL Injection. Please do parameterized by using PreparedStatement.

示例代码段：

String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES (?, ?, ?, ?, ?, ?, ?)";
PreparedStatement pstmt = con.prepareStatement(insertNewUserSQL);
pstmt.setString(1, userName);
// ... repeat this step until the last parameter ....
pstmt.setString(7, email);
pstmt.executeUpdate();

• Java PreparedStatement


• Java PreparedStatement

这篇关于SQLException：executeQuery方法不能用于更新的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！