我正在尝试使用javamysql库,但我在使用准备好的语句时遇到问题。我不确定我缺少什么。下面是我在尝试使用准备好的语句时遇到的MYSQL错误。
String query = "SELECT id, clicks FROM mailer.links WHERE campaign_id=?";
try {
preparedStatement = connect.prepareStatement(query);
preparedStatement.setInt(1, campaignId);
preparedStatement.execute();
Statement st = connect.createStatement();
// execute the query, and get a java resultset
ResultSet rs = st.executeQuery(query);
我收到以下错误:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '?' at line 1
它的工作原理,如果我做"campaign_id="活动ID,但SQL注入等待发生。
试试这个
ResultSet rs=准备声明.执行查询();
准备语句
方法执行查询()
本身返回一个ResultSet对象
因此,将其分配给ResultSet
对象
ResultSet rs = preparedStatement.executeQuery();
错误:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '?' at line 1
这个错误的发生是因为当
ResultSet rs = st.executeQuery(query);
所以你的查询仍然是这个"SELECT id,点击从mail. link WHEREcampaign_id=?" ;
并抛出一个MySQL语法异常。