1. 首页
  2. 问答
  3. 为什么准备好的语句不能在java中工作?

为什么准备好的语句不能在java中工作?

2016-12-28 105 views
-1

我试图通过从db中提供卷号和介质来获取学生信息。 swing应用程序执行时没有任何错误,但是当我输入roll no和medium时,它会转到“Student not Found”else循环。为什么准备好的语句不能在java中工作?

我想用GET字符串或准备statements.kindly帮我找出这个问题的问题。

import javax.swing.*; 
import java.awt.event.*; 
import java.awt.*; 
import java.sql.*; 

public class Searchdb extends JFrame implements ActionListener { 

//Initializing Components 
    JLabel lb,lbd,lb1, lb2, lb3, lb5; 
    JTextField tf1, tf2,tf3,tf5,tfd; 
    JButton btn; 

    //Creating Constructor for initializing JFrame components 
    Searchdb() { 
     //Providing Title 
     super("Fetching Roll Information"); 
     lb5 = new JLabel("Roll Number:"); 
     lb5.setBounds(20, 20, 100, 20); 
     tf5 = new JTextField(20); 
     tf5.setBounds(130, 20, 200, 20); 

     lbd = new JLabel("Date:"); 
     lbd.setBounds(20, 50, 100, 20); 
     tfd = new JTextField(20); 
     tfd.setBounds(130, 50, 200, 20); 


     btn = new JButton("Submit"); 
     btn.setBounds(50, 50, 100, 20); 
     btn.addActionListener(this); 

     lb = new JLabel("Fetching Student Information From Database"); 
     lb.setBounds(30, 80, 450, 30); 
     lb.setForeground(Color.black); 
     lb.setFont(new Font("Serif", Font.PLAIN, 12)); 
     setVisible(true); 
     setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); 
     setSize(500, 500); 

     lb1 = new JLabel("Name:"); 
     lb1.setBounds(20, 120, 100, 20); 
     tf1 = new JTextField(50); 
     tf1.setBounds(130, 120, 200, 20); 
     lb2 = new JLabel("Fathername:"); 
     lb2.setBounds(20, 150, 100, 20); 
     tf2 = new JTextField(100); 
     tf2.setBounds(130, 150, 200, 20); 
     lb3 = new JLabel("State:"); 
     lb3.setBounds(20, 180, 100, 20); 
     tf3 = new JTextField(50); 
     tf3.setBounds(130, 180, 200, 20); 

     setLayout(null); 

     //Add components to the JFrame 
     add(lb5); 
     add(tf5); 
     add(lbd); 
     add(tfd); 
     add(btn); 

     add(lb); 
     add(lb1); 
     add(tf1); 
     add(lb2); 
     add(tf2); 
     add(lb3); 
     add(tf3); 


     //Set TextField Editable False 
     tf1.setEditable(false); 
     tf2.setEditable(false); 
     tf3.setEditable(false); 

    } 

    public void actionPerformed(ActionEvent e) { 
     //Create DataBase Coonection and Fetching Records 

     try { 
      String str = tf5.getText(); 

      Datestri = tfd.getText();//Getting the unable to convert String to Date error 

      System.out.println(str); 
      System.out.println(stri); 

      Class.forName("oracle.jdbc.driver.OracleDriver"); 
      Connection con = DriverManager.getConnection("jdbc:oracle:thin:@//host:port/servicename","username","password"); 
      PreparedStatement st = con.prepareStatement("select Name,Fathername,State from student_db where roll_number=? and medium=?"); 
      System.out.println(st); 
      st.setString(1, str); 
      st.setDate(2, stri); 



      //Excuting Query 
      ResultSet rs = st.executeQuery(); 
      System.out.println(rs); 

      if (rs.next()) { 
       String s = rs.getString(1); 
       String s1 = rs.getString(2); 
       String s2 = rs.getString(3); 


       //Sets Records in TextFields. 
       tf1.setText(s); 
       tf2.setText(s1); 
       tf3.setText(s2); 

      } else { 
       JOptionPane.showMessageDialog(null, "Student not Found"); 
      } 

      //Create Exception Handler 
     } catch (Exception ex) { 

      System.out.println(ex); 
     } 
    } 
//Running Constructor 

    public static void main(String args[]) { 
     new Searchdb(); 
    } 
}

SQL查询:

select Name,Fathername,State from student_db where roll_number='1441' and medium='2016-12-18';

结果:

Name Fathername State 
SA  TH  YA

假设,如果我没有通过 “S饰” 变量在查询中我得到的结果。

来源

2016-12-28 sathya

+2

您是否尝试执行使用Oracle的SQLDeveloper或SQL * Plus与价值观,你知道是正确的手动SQL语句? – Powerlord

+0

您确定您从UI中的正确文本字段获取输入吗? 'stri'由名为'tfd'的字段填充,该字段似乎是某种类型的日期字段,而不是您在查询中使用的“中等”字段。记住总是给你的变量描述性的名字。 –

+0

是的,我从数据库@Powerlord – sathya

回答

0

我在下面更新的代码和它工作正常,当我检查的数据库类型为中列名是VARCHAR2(40),所以我决定只使用getString。

掌握这个代码适当响应,

import javax.swing.*; 
import java.awt.event.*; 
import java.awt.*; 
import java.sql.*; 

public class Searchdb extends JFrame implements ActionListener { 

//Initializing Components 
    JLabel lb,lbd,lb1, lb2, lb3, lb5; 
    JTextField tf1, tf2,tf3,tf5,tfd; 
    JButton btn; 

    //Creating Constructor for initializing JFrame components 
    Searchdb() { 
     //Providing Title 
     super("Fetching Roll Information"); 
     lb5 = new JLabel("Roll Number:"); 
     lb5.setBounds(20, 20, 100, 20); 
     tf5 = new JTextField(20); 
     tf5.setBounds(130, 20, 200, 20); 

     lbd = new JLabel("Date:"); 
     lbd.setBounds(20, 50, 100, 20); 
     tfd = new JTextField(20); 
     tfd.setBounds(130, 50, 200, 20); 


     btn = new JButton("Submit"); 
     btn.setBounds(50, 50, 100, 20); 
     btn.addActionListener(this); 

     lb = new JLabel("Fetching Student Information From Database"); 
     lb.setBounds(30, 80, 450, 30); 
     lb.setForeground(Color.black); 
     lb.setFont(new Font("Serif", Font.PLAIN, 12)); 
     setVisible(true); 
     setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); 
     setSize(500, 500); 

     lb1 = new JLabel("Name:"); 
     lb1.setBounds(20, 120, 100, 20); 
     tf1 = new JTextField(50); 
     tf1.setBounds(130, 120, 200, 20); 
     lb2 = new JLabel("Fathername:"); 
     lb2.setBounds(20, 150, 100, 20); 
     tf2 = new JTextField(100); 
     tf2.setBounds(130, 150, 200, 20); 
     lb3 = new JLabel("State:"); 
     lb3.setBounds(20, 180, 100, 20); 
     tf3 = new JTextField(50); 
     tf3.setBounds(130, 180, 200, 20); 

     setLayout(null); 

     //Add components to the JFrame 
     add(lb5); 
     add(tf5); 
     add(lbd); 
     add(tfd); 
     add(btn); 

     add(lb); 
     add(lb1); 
     add(tf1); 
     add(lb2); 
     add(tf2); 
     add(lb3); 
     add(tf3); 


     //Set TextField Editable False 
     tf1.setEditable(false); 
     tf2.setEditable(false); 
     tf3.setEditable(false); 

    } 

    public void actionPerformed(ActionEvent e) { 
     //Create DataBase Coonection and Fetching Records 

     try { 
      String str = tf5.getText(); 

      String stri = tfd.getText(); 

      System.out.println(str); 
      System.out.println(stri); 

      Class.forName("oracle.jdbc.driver.OracleDriver"); 
      Connection con = DriverManager.getConnection("jdbc:oracle:thin:@//host:port/servicename","username","password"); 

      String str1 ="select Name,Fathername,State from student_db where roll_number='"+str+"' and medium='"+stri+"'"; 

      PreparedStatement st = con.prepareStatement(str1); 
      System.out.println(st); 
      st.setString(1, str); 
      st.setString(2, stri); 



      //Excuting Query 
      ResultSet rs = st.executeQuery(); 
      System.out.println(rs); 

      if (rs.next()) { 
       String s = rs.getString(1); 
       String s1 = rs.getString(2); 
       String s2 = rs.getString(3); 


       //Sets Records in TextFields. 
       tf1.setText(s); 
       tf2.setText(s1); 
       tf3.setText(s2); 

      } else { 
       JOptionPane.showMessageDialog(null, "Student not Found"); 
      } 

      //Create Exception Handler 
     } catch (Exception ex) { 

      System.out.println(ex); 
     } 
    } 
//Running Constructor 

    public static void main(String args[]) { 
     new Searchdb(); 
    } 
}

来源

2016-12-29 13:25:14 sathya

+1

如果您没有在准备好的语句中使用参数,您至少可以做的是清理输入。这意味着,用两个单引号替换单引号。像将'str.replace(“'”,“''”)'插入字符串之前一样。这是一个防范SQL注入的警卫。否则,你会很快得到[bobby tabled](https://xkcd.com/327/)。 –

+0

是的,谢谢:) @TT。 – sathya

相关问题

 相关问题