问题描述
这种方式对这个问题的回答似乎很难在互联网上找到。基本上我使用PreparedStatement将值插入MySQL数据库。我使用PreparedStatement来转义数据以防止SQL注入攻击。问题是,现在有办法撤销这些密钥。
This answer to this question done this way seems to be very difficult to find on the internet. Basically I am inserting values into a MySQL database using PreparedStatement. I use the PreparedStatement to escape the data to prevent SQL Injection attacks. The problem is, there is now way retreving those keys.
String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error
那么如何在Java中转义输入并使用PreparedStatements?
So how can I escape input and use PreparedStatements in Java?
推荐答案
在 prepareStatement()$ c中传递
Statement.RETURN_GENERATED_KEYS
$ c>以及您的查询。然后使用 PreparedStatement
的getGeneratedKeys()来获取包含插入的auto_incremented_id的ResultSet。
pass Statement.RETURN_GENERATED_KEYS
in prepareStatement()
along with your query. And then use getGeneratedKeys() of PreparedStatement
to get the ResultSet containing your inserted auto_incremented_id.
String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error
ResultSet rs = prest.getGeneratedKeys();
if(rs.next())
{
int last_inserted_id = rs.getInt(1);
}
这篇关于Java PreparedStatement检索最后插入的ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!