问题描述

st.executeUpdate("INSERT INTO studdet ( NAME, EMAIL,phoneno,adress )values (''+name+'',''+email+'',+ph+,''+ad+'')");

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法有错误；在第1行的

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''+ad+'')'' at line 1

推荐答案

st.executeUpdate("INSERT INTO studdet ( NAME, EMAIL,phoneno,adress )values ('"+name+"','"+email+"',"+ph+",'"+ad+"')");

请注意，双引号会转义字符串并允许正确访问变量.

附带说明一下，我建议您在首先确认变量是干净的"(没有可能导致SQL注入攻击的特殊字符)之前，不要将变量直接放入SQL语句中.

Notice the double-quotes to escape the string and allow the variable to be accessed properly.

As a side note, I would recommend that you not put variables directly into a SQL statement until you have first verified that they are "clean" (no special characters that could lead to a SQL Injection attack).

values ('"+name+"','"+email+"',+ph+,'"+ad+"')");

如果您有解决方案，请回答...

谢谢

make it answer if you got your solution...

Thanks

这篇关于插入数据时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！