1. 首页
  2. 问答
  3. Java和MySQL插入语句

Java和MySQL插入语句

2012-10-30 143 views
1

我刚从JBDC开始。我需要创建一个Java/MySQL插入语句,它插入分析为int的空字符串和字符串(作为用户使用Scanner的输入)。我尝试了很多可能性,到目前为止没有任何工作。写这样的插入语句的正确方法是什么,或者我应该考虑其他建议的方法? 感谢您的帮助!Java和MySQL插入语句

import java.util.ArrayList; 
import java.util.Scanner; 
import java.sql.Connection; 
import java.sql.DriverManager; 
import java.sql.ResultSet; 
import java.sql.SQLException; 
import java.sql.Statement; 

public class AddBook { 

    static Scanner keyboard = new Scanner(System.in); 

    static InvMenu invmenu = new InvMenu(); 
    static MainMenu mainmenu = new MainMenu(); 

    static boolean b = true; 
    static int x; 
    static double y; 
    static double z; 
    static String choice; 
    static char letter; 

    public static void addBook(){ 

     Connection conn = null; 
     Statement stmt = null; 
     ResultSet rs = null; 


     System.out.println("+----------------+"); 
     System.out.println("| Add a Book  |"); 
     System.out.println("+----------------+\n"); 

     System.out.print("\nEnter ISBN number: "); 
     String isbn = keyboard.next(); 

     System.out.print("Enter Book Title: "); 
     String title = keyboard.next(); 

     System.out.print("Enter Author's name: "); 
     String author = keyboard.next(); 

     System.out.print("Enter Publisher's name: "); 
     String publisher = keyboard.next(); 

     System.out.print("Enter The Date the Book is Added to the Inventory (MM/DD/YYYY): "); 
     String dateAdded = keyboard.next(); 

     do{ 

      b = true; 
      System.out.print("Enter The Quantity of Book Being Added: "); 
      String qtyOnHand = keyboard.next(); 

      try { 

       x = Integer.parseInt(qtyOnHand); 

      } 

      catch(NumberFormatException nFE) { 

       b = false; 
       System.out.println(); 
       System.out.println("--------------------------------------------------------"); 
       System.out.println(" !!! You did not enter a valid value. Try again !!!"); 
       System.out.println("--------------------------------------------------------"); 
       System.out.println(); 

      } 

     }while(b == false); 

     do{ 

      b = true; 
      System.out.print("Enter The Wholesale Cost of the Book: "); 
      String wholesale = keyboard.next(); 

      try { 

       y = Double.parseDouble(wholesale); 

      } 

      catch(NumberFormatException nFE) { 

       b = false; 
       System.out.println("--------------------------------"); 
       System.out.println(" ! Wrong Value. Try again !"); 
       System.out.println("--------------------------------\n"); 

      } 

     }while(b == false); 

     do{ 

      b = true; 
      System.out.print("Enter The Retail Price of the Book: "); 
      String retail = keyboard.next(); 

      try { 

       z = Double.parseDouble(retail); 

      } 

      catch(NumberFormatException nFE) { 

       b = false; 
       System.out.println("--------------------------------"); 
       System.out.println(" ! Wrong Value. Try again !"); 
       System.out.println("--------------------------------\n"); 

      } 

     }while(b == false); 

     System.out.println("-------------------------------------------"); 
     System.out.println("ISBN number: " + isbn); 
     System.out.println("Book Title: " + title); 
     System.out.println("Author's name: " + author); 
     System.out.println("Publisher's name: " + publisher); 
     System.out.println("The Date the Book is Added to the Inventory (MM/DD/YYYY): " + dateAdded); 
     System.out.println("The Quantity of Book Being Added: " + x); 
     System.out.printf("The Wholesale Cost of the Book: $ %6.2f\n", y); 
     System.out.printf("The Retail Price of the Book: $ %6.2f\n", z); 
     System.out.println("-------------------------------------------\n"); 

     try { 

      Class.forName("com.mysql.jdbc.Driver").newInstance(); 

      String connectionUrl = "jdbc:mysql://localhost:3306/serendipity"; 
      String connectionUser = "root"; 
      String connectionPassword = "password"; 
      conn = DriverManager.getConnection(connectionUrl, connectionUser, connectionPassword); 
      stmt = conn.createStatement(); 

      stmt.executeUpdate("INSERT INTO books(book_id, isbn, title, author, publisher, dateAdded, qtyOnHand, wholesale, retail) VALUES ('"+null+ "','" +isbn+ " ','" +title+ " ',' " +author+ " ',' " +publisher+ " ',' " +dateAdded+ " ',' " +x+ " ',' " +y+ " ',' " +z+" ')"); 


     } 

     catch (Exception e) { 

      e.printStackTrace(); 

     } 

     finally { 

      try { 

       if (rs != null) rs.close(); 

      } 

      catch (SQLException e) { 

       e.printStackTrace(); 

      } 

      try { 

       if (stmt != null) stmt.close(); 

      } 

      catch (SQLException e) { 

       e.printStackTrace(); 

      } 

      try { 

       if (conn != null) conn.close(); 

      } catch (SQLException e) { 

       e.printStackTrace(); 

      } 

       System.out.println("+------------------------------------+"); 
       System.out.println("| The Book is Added to the Inventory |"); 
       System.out.println("+------------------------------------+\n"); 

     } 

    } 

}

来源

2012-10-30 Vladimir

回答

2

您可能需要考虑使用PreparedStatement和使用setNull()插入空。

原始SQL语句很容易出现SQL注入攻击。

看到这个example了解更多关于如何使用的setNull

来源

2012-10-30 20:32:36 kosa

+0

非常感谢它确实管用! – Vladimir

1

你确保连接的工作?然后,你可以考虑使用preQueryStatement

下面是一个小例子:

cnnct = getConnection(); 
    String preQueryStatement = "INSERT INTO CUSTOMER VALUES (?,?,?,?)"; 
    pStmnt = cnnct.prepareStatement(preQueryStatement); 
    pStmnt.setString(1, CustId); 
    pStmnt.setString(2, Name); 
    pStmnt.setString(3, Tel); 
    pStmnt.setInt(4, Age);

来源

2012-10-30 20:42:01 code4j

+0

我使用了与PreparedStatement相同的语法。谢谢您的帮助 – Vladimir

相关问题

 相关问题