2015-08-25 101 views
-2

我写了这个查询:解决这个错误

String sql = "Update db " +       
"SET LName = '"+txtLName.getText()+"'," +        
"ATC_Code = '"+txtATCcode.getText()+"'," +        
"ATC_Name= '"+txtATCname.getText()+"'," +        
"Course_Name = '"+txtCourseName.getText()+"'," + 
"Course_Fee = '"+txtCourseFee.getText()+"'," + 
"Where FName = '"+txtFName.getText()+"' "; 

而且我得到了这样的错误:

Malformed SQL Statement: Expected ',', found 'Anuja'`. 
Statement:Update db SET LName = 'df',ATC_Code = '323',ATC_Name= 'sd',Course_Name = 'd',Course_Fee = '534',Where FName = 'Anuja' 
+0

你能不能告诉我们刚才的SQL语句? (这种方式更容易找到问题!) – jarlh

+0

请'编辑''问题'标题到一些'有意义的'标题 – Pawan

回答

1

删除最后,Set声明:

String sql = "Update db " + 
    "SET LName = '"+txtLName.getText()+"'," + 
    "ATC_Code = '"+txtATCcode.getText()+"'," + 
    "ATC_Name= '"+txtATCname.getText()+"'," + 
    "Course_Name = '"+txtCourseName.getText()+"'," + 
    "Course_Fee = '"+txtCourseFee.getText() + //here does not need ' 
    "Where FName = '"+txtFName.getText()+"' "; 

在一个注意,这种sql命令生成(连接包含一些值的字符串)对SQL是可疑的注入攻击,为了防止这种类型的攻击,请使用参数并设置参数值。有关更多信息,请参阅SQL injection

0
Update db 
SET LName = 'df', 
    ATC_Code = '323', 
    ATC_Name= 'sd', 
    Course_Name = 'd', 
    Course_Fee = '534', 
Where FName = 'Anuja' 

只有将改变删除最后一个逗号 ''

Update db 
SET LName = 'df', 
    ATC_Code = '323', 
    ATC_Name= 'sd', 
    Course_Name = 'd', 
    Course_Fee = '534' 
Where FName = 'Anuja'