在执行以下select查询,我得到一个错误:异常查询
ResultSet rs = St.executeQuery("select * from login where username="+username+"and password ="+password);
并将异常
java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended.
请让我知道,如果查询是错误的语法。
单引号的价值和密码之前丢失,我觉得应该是:用户名和密码
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
有你的用户名和and关键字之间没有空格。这将解析到
SELECT * FROM登录其中username = usernameand密码=密码
你还缺少左右你插入语句中值的单引号。尝试:
结果集RS = St.executeQuery( “从登录选择*,其中用户名= '” +用户名+ “ '和口令='” +密码+ “'”);
我也推荐在Java教程中阅读关于Using Prepared Statements的文章。
试试这个(你缺少几个空格和引号):
ResultSet rs =
St.executeQuery(
"select * from login where username=\""+username+"\" and password =\""+password + "\"");
值应在报价
ResultSet rs = St.executeQuery("select * from login where username='" + username + "' and password ='" + password + "'");
ResultSet rs = St.executeQuery("select * from login where username='"+username+"' and password ='"+password+"'");
执行的最佳方法查询拿出来,并尝试在你自己的... 为前。
String query = "select * from login where username='"+username+"' and password = '"+password+"'";
//Print your query and execute it in your sql client you ll get to know if it works!
System.out.println(query);
ResultSet rs = St.executeQuery(query);
至少使用参数(命名参数更好)。将值连接成SQL字符串容易出错并且不安全。例如: -
Statement stmt = null;
String query = "select * from login where username=? and password=?";
try {
stmt = con.createStatement();
stmt.setString(1, username);
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
//...
}
} catch (SQLException e) {
//TODO handle e
} finally {
if (stmt != null) { stmt.close(); }
}
}
谢谢!我错过了报价! – Anil