错误插入数据到MySQL表

Question

需要帮助，请..

Connection cn = DriverManager.getConnection ("jdbc:mysql://localhost/posdb", "root", ""); 
    PreparedStatement dat = cn.prepareStatement("INSERT INTO order VALUES('"+num+"',"+buyamount.elementAt(0)+","+buyamount.elementAt(1)+","+buyamount.elementAt(2)+","+buyamount.elementAt(3)+","+buyamount.elementAt(4)+","+buyamount.elementAt(5)+","+buyamount.elementAt(6)+","+buyamount.elementAt(7)+","+buyamount.elementAt(8)+","+buyamount.elementAt(9)+","+buyamount.elementAt(10)+","+buyamount.elementAt(11)+","+buyamount.elementAt(12)+","+buyamount.elementAt(13)+","+buyamount.elementAt(14)+","+buyamount.elementAt(15)+","+buyamount.elementAt(16)+","+buyamount.elementAt(17)+","+buyamount.elementAt(18)+","+buyamount.elementAt(19)+","+tot+","+tot2+","+(tot2-tot)+")"); 
    System.out.println(dat); 
    dat.executeUpdate(); 
    cn.close(); 

错误消息：

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order VALUES('20130605093640',1, 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9500,1200' at line 1 

num是一个字符串，TOT和tot2是整数，并且buyamount是整数的向量。

感谢..任何帮助将不胜感激..

Answer 1

Order是MySQL中的保留字 - 它周围使用反引号：

INSERT INTO `order`... 

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

Answer 2

在您可能要另外考虑使用正确的方式准备好的声明。这将有助于避免sql注入，并使您的代码更易于阅读。

private static final String INSERT = "insert into myTable values(?,?,?)"; 
public void insertData(String varA, int numB, Date myDate) throws SQLException { 

    Connection cn=null; 
    PreparedStatement ps=null; 
    try { 
     cn = DriverManager.getConnection("...your connection string..."); 
     ps = cn.prepareStatement(INSERT); 
     ps.setString(1, varA); 
     ps.setInt(2, numB); 
     ps.setDate(3, myDate); 

     ps.executeUpdate(); 

    }catch(SQLException sqe) { 
     throw sqe; 
    } finally { 
     try {ps.close();}catch(Exception ex) {} 
     try {cn.close();}catch(Exception ex) {} 
    } 
}