2012-08-29 42 views
1

I get the following error, but I don't understand why: nested exception is java.sql.SQLException: Invalid parameter index 1

org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad SQL grammar [UPDATE da_tracking SET ins_name = xyz,ins_dev_scripted = False WHERE ins_ID = 12]; nested exception is java.sql.SQLException: Invalid parameter index 1.

------------------------ dao class----- 
public int save(DboBean record) { 
     // TODO Auto-generated method stub 
     String sql = "UPDATE da_tracking" 
        + " SET ins_name= " + record.getDboDevName()+ "," 
        + " ins_dev_scripted = " + record.getDevScripted() 
        + " WHERE ins_ID = " + record.getDboId(); 
     Object[] params = new Object[] {record.getDboDevName(), record.getDevScripted()}; 
     int[] types = new int[]{Types.VARCHAR, Types.BIT}; 
     return jdbcTemplate.update(sql, params, types); 
    } 
----------------------------Junit----- 
bean.setDboDevName("xyz"); 
bean.setDboId(12); 
int rowsAffected = objDao.save(bean); 

    System.out.println("Object is updated [" + bean.getDboId() + ", " + bean.getDboDevName() + 
      ", " + bean.getDevScripted() + "]"); 

Do you know why? My delete and read methods work.

Answers

1
public int save(DboBean record) { 

     String sql = "UPDATE da_tracking" 
        + " SET ins_name= ?"+"," 
        + " ins_dev_scripted = ?" 
        + " WHERE ins_ID = ?"; 
     Object[] params = new Object[] {record.getDboDevName(), record.getDevScripted(), record.getDboId()}; 
     int[] types = new int[]{Types.VARCHAR, Types.BIT, Types.INTEGER}; // Change 3rd parameter type here 
     return jdbcTemplate.update(sql, params, types); 
    } 

----------------------------Junit----- 
bean.setDboDevName("xyz"); 
bean.setDboId(12); 
int rowsAffected = objDao.save(bean); 

    System.out.println("Object is updated [" + bean.getDboId() + ", " + bean.getDboDevName() + 
      ", " + bean.getDevScripted() + "]"); 

Does this work?

+0

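You are right that bind variables (parameterized queries) should be used, but that is not the source of this error. You are right that the variables (probably only 'ins_name') would need to be quoted, but the SQL parser has not gotten that far into parsing the query. –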

+0

Updated the code. Please check now. – Garbage

+0

Yes, it works :-D Thx – user1631032

4

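The error you are seeing is because you are passing variables in the params and types arrays, but you have not put placeholders for those bind variables in the query: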

String sql = "UPDATE da_tracking" 
      + " SET ins_name= ?," 
      + " ins_dev_scripted = ?" 
      + " WHERE ins_ID = ?";
Object[] params = new Object[] {record.getDboDevName(), record.getDevScripted(), record.getDboId()}; 
int[] types = new int[]{Types.VARCHAR, Types.BIT, Types.INTEGER}; 
return jdbcTemplate.update(sql, params, types); 

Internally, Spring is doing something like this:

PreparedStatement stmt = conn.prepareStatement("...your sql..."); 
stmt.setString(1, dboDevName); // this will fail, since there is no bind variable 
           // with index 1 
... 

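You should never build SQL queries by concatenating external data. In the best case, this will cause the query to fail if someone puts odd quotes or escape characters in the data, and in the worst case it will cause the system to crash.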

+0

That's it. It works :D Thanks – user1631032
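
An added example, not part of the original question or answers: a pre-flight check a DAO or unit test could run to catch the placeholder/parameter mismatch discussed above before the driver reports it. `BindCheck`, `countPlaceholders` and `requireMatchingBinds` are hypothetical names; the scanner assumes single-quoted literals only and does not handle SQL comments or vendor-specific uses of `?`.

```java
import java.sql.Types;

public class BindCheck {
    // Count JDBC '?' markers, skipping anything inside single-quoted SQL literals.
    // A doubled quote ('') inside a literal toggles twice, so the state stays correct.
    static int countPlaceholders(String sql) {
        int count = 0;
        boolean inLiteral = false;
        for (char c : sql.toCharArray()) {
            if (c == '\'') {
                inLiteral = !inLiteral;
            } else if (c == '?' && !inLiteral) {
                count++;
            }
        }
        return count;
    }

    // Fail fast with a readable message instead of the driver's parameter-index error.
    static void requireMatchingBinds(String sql, Object[] params, int[] types) {
        int markers = countPlaceholders(sql);
        if (markers != params.length || params.length != types.length) {
            throw new IllegalArgumentException("SQL has " + markers + " placeholder(s) but "
                    + params.length + " value(s) and " + types.length + " type(s): " + sql);
        }
    }

    public static void main(String[] args) {
        String name = "O'Brien"; // constructed sample value containing a quote
        boolean scripted = false;
        int id = 12;
        // Concatenated form from the question: no markers, and the data becomes SQL text.
        String concatenated = "UPDATE da_tracking SET ins_name= " + name + ","
                + " ins_dev_scripted = " + scripted + " WHERE ins_ID = " + id;
        // Parameterized form from the answers: the SQL text never changes with the data.
        String parameterized =
                "UPDATE da_tracking SET ins_name= ?, ins_dev_scripted = ? WHERE ins_ID = ?";

        requireMatchingBinds(parameterized, new Object[] {name, scripted, id},
                new int[] {Types.VARCHAR, Types.BIT, Types.INTEGER});
        System.out.println("parameterized: " + countPlaceholders(parameterized) + " markers, ok");
        try {
            requireMatchingBinds(concatenated, new Object[] {name, scripted},
                    new int[] {Types.VARCHAR, Types.BIT});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```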
