这是我的代码来更新学生attendance.But在执行期间此方法返回SQL COMMAND NOT PROPERLY ENDED ERROR。sql命令没有正确结束错误
private void updateAttendance(){
MyQuery mq=new MyQuery();
Connection con=mq.getConnection();
Statement st;
ResultSet rs;
try{
st=con.createStatement();
rs=st.executeQuery("Select STU_ID FROM STUDENT WHERE NAME='"+cmbName.getSelectedItem()+"'");
if(rs.next()){
//System.out.println("getting student name");
int id=rs.getInt("STU_ID");
String sql="UPDATE STUDENT SET SUBJECT='"+cmbSub.getSelectedItem()+"',ATTENDANCE='";
//sql+="ATTENDANCE='"+"";
if(rdbtnPresent.isSelected())
sql+= "'"+Atdnc[0]+"',";
else
sql+= "'"+Atdnc[1]+"',";
sql+="WHERE STU_ID='"+id+"'";
st.executeUpdate(sql);
//cmbName.removeAllItems();
}
}catch(SQLException ex){
Logger.getLogger(Student.class.getName()).log(Level.SEVERE, null, ex);
}
}
你可以调试'sql'值,并告诉我们你得到什么? Btw非常大的SQL注入警告。使用参数化语句。 Sql注入警告https://xkcd.com/327/ –