SQL command not properly ended

When it hits the line below, I get "SQL command not properly ended".

stmt = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
String updateQ = "update ANI_999 set First_Name = '"+d.getName()+"', HouseNo = '"+d.getAddr1()+"', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='"+currentFile+"' where CALLER_ID = '"+msisdn+"' ";

int result = stmt.executeUpdate(updateQ);
conn.commit();
conn.close();


I keep getting ORA-00933: SQL command not properly ended.

This is what the updateQ statement looks like:

update ANI_999 set First_Name = 'ZAHARAH BINTI ABDUL RAHMAN', HouseNo = 'No. JKR6357,', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='ICAREP_ANI_SVCPROF_20120402_002.DAT' where CALLER_ID = '058011726'


This is the whole function; please refer to the "<<" symbol:
public void updateRecord(icData d, String msisdn) {
    Connection conn = null;
    Statement stmt = null;
    int recCtr = 0;

    try {
        conn = ds.getConnection();

        stmt = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
        String updateQ = "update ANI_999 set First_Name = '"+d.getName()+"', HouseNo = '"+d.getAddr1()+"', Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, Indicator_Sourcefile_iCARE1='"+currentFile+"' where CALLER_ID = '"+msisdn+"' ";

        int result = stmt.executeUpdate(updateQ);
        conn.commit();
        conn.close();
    }
    catch(SQLException ex) {

        logger.error("iCARE:Error : " + ex.getMessage()); // <<this line shows me that error>>

    }
    finally {
        try {if (stmt != null) stmt.close();} catch (SQLException e) {}
        try {if (conn != null) conn.close();} catch (SQLException e) {}
    }
}

Best answer

You should use a PreparedStatement:

String updateQ = "update ANI_999 set First_Name = ?, HouseNo = ?, " +
       "Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, " +
       "Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, " +
       "Indicator_Sourcefile_iCARE1=? where CALLER_ID = ? ";
PreparedStatement prep =  conn.prepareStatement(updateQ,
    ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_READ_ONLY);
// One setString per "?" placeholder, in order of appearance
prep.setString(1, ...);
prep.setString(2, ...);
prep.setString(3, ...);
prep.setString(4, ...);
// The SQL was already supplied to prepareStatement, so use the no-argument executeUpdate()
int result = prep.executeUpdate();

10-08 19:14
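
The parameterized form recommended in the answer, written out as a complete method; this is an added example, not code from the question or the answer. The AniUpdater class, the injected DataSource and the plain String parameters (used in place of the question's icData object) are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.sql.DataSource;

public class AniUpdater {
    // Table and column names are the ones from the question. The statement text is a
    // constant, so no caller-supplied value can alter its structure.
    private static final String UPDATE_SQL =
        "update ANI_999 set First_Name = ?, HouseNo = ?, "
        + "Indicator_Sourcefile_iCARE3 = Indicator_Sourcefile_iCARE2, "
        + "Indicator_Sourcefile_iCARE2 = Indicator_Sourcefile_iCARE1, "
        + "Indicator_Sourcefile_iCARE1 = ? where CALLER_ID = ?";

    private final DataSource ds; // assumption: supplied by the caller

    public AniUpdater(DataSource ds) {
        this.ds = ds;
    }

    /** Returns the number of rows updated (0 means no row has this CALLER_ID). */
    public int updateRecord(String name, String addr1, String currentFile, String msisdn)
            throws SQLException {
        // try-with-resources closes the statement and then the connection on every path.
        try (Connection conn = ds.getConnection()) {
            conn.setAutoCommit(false);
            try (PreparedStatement prep = conn.prepareStatement(UPDATE_SQL)) {
                // Values travel as bind parameters, so quotes or commas in a name or
                // address are stored as data rather than parsed as SQL.
                prep.setString(1, name);
                prep.setString(2, addr1);
                prep.setString(3, currentFile);
                prep.setString(4, msisdn);
                int rows = prep.executeUpdate(); // no-argument form for PreparedStatement
                conn.commit();
                return rows;
            } catch (SQLException ex) {
                conn.rollback(); // leave no partial update behind
                throw ex;
            }
        }
    }
}
```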