1. 首頁
  2. 問答
  3. 如何使用準備好的語句

如何使用準備好的語句

2011-04-08 135 views
2

有人建議使用準備好的語句,但我不知道如何使用它。我需要在代碼中做些什麼改變?如何使用準備好的語句

try 
{ 
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 
    System.out.println("\n Driver loaded"); 

    Connection con = DriverManager.getConnection("jdbc:odbc:wanisamajDB"); 

    Statement stmt = con.createStatement(); 
    System.out.println("statement is created"); 

    // System.out.println(Integer.parseInt(cbregn.getSelectedItem().toString())); 

    String qry = " UPDATE Registration1 SET RegistrationNo = '"+cbregn.getSelectedItem()+"',SeniorPerson = '"+cbnm.getSelectedItem()+"', NativePlace = '"+tfplace.getText()+"',Kul = '"+tfkul.getText()+"', Gotra = '"+tfgotra.getText()+"' ,KulSwami = '"+tfswami.getText()+"', ResidensialAddress = '"+taraddr.getText()+"' , PinCode = '"+tfpcd.getText()+"', STDcode = '"+tfstdcode.getText()+"',TelephoneNo = '"+tftele.getText()+"', MobileNo = '"+tfmno.getText()+"', Email = '"+tfemail.getText()+"',Website ='"+tfweb.getText()+"',Education ='"+tfedu.getText()+"',Branch ='"+tfbrch.getText()+"',BloodGroup ='"+cbbldgrp.getSelectedItem()+"' where SeniorPerson='" +cbnm.getSelectedItem().toString()+"'" ; 

      stmt.executeUpdate(qry); 

      JOptionPane.showMessageDialog(null,"RECORD IS UPDATED SUCCESSFULLY "); 
      System.out.println("QUERY");  

      // cbregn.setEditable(false); 
      cbnm.setEditable(false); 
      tfplace.setEditable(false); 
      tfkul.setEditable(false); 
      tfgotra.setEditable(false); 
      tfswami.setEditable(false); 
      taraddr.setEditable(false); 
      tfpcd.setEditable(false); 
      tfstdcode.setEditable(false); 
      tftele.setEditable(false); 
      tfmno.setEditable(false); 
      tfemail.setEditable(false); 
      tfweb.setEditable(false); 
      tfedu.setEditable(false); 
      tfbrch.setEditable(false); 
      cbbldgrp.setEditable(false); 
      con.close(); 
      stmt.close(); 
     } 
//   catch(SQLException eM) 
//   { 
//   JOptionPane.showMessageDialog(null,"RECORD IS NOT FOUND "); 
//   } 
     catch(Exception et) 
     { 
      et.printStackTrace(); 
      // System.out.println("error:"+et.getMessage()); 
     }

來源

2011-04-08 amitbidwai

回答

3

看到example

預處理語句可以幫助被提供的數據分離SQL邏輯提高安全性。邏輯和數據的這種分離有助於防止一種稱爲SQL注入攻擊的常見類型的漏洞。通常,當您處理臨時查詢時,在處理從用戶那裏收到的數據時需要非常小心。這需要使用能夠轉義所有必要故障字符的函數,例如單引號,雙引號和反斜線字符。處理準備好的陳述時這是不必要的。數據的分離允許MySQL自動考慮這些字符,並且不需要使用任何特殊功能進行轉義。

來源

2011-04-08 06:29:56

+0

,將減少SQL注入攻擊 – MeBigFatGuy 2011-04-08 06:31:47

+0

哦,是的,當然,感謝名單:) – 2011-04-08 06:32:50

1 
public class UpdatesRecords{ 
    public static void main(String[] args) { 
    System.out.println("Updates Records Example through Prepared Statement!"); 
    Connection con = null; 
    try{ 
     Class.forName("com.mysql.jdbc.Driver"); 
     con = DriverManager.getConnection(
    "jdbc:mysql://localhost:3306/jdbctutorial","root","root"); 
     try{ 
     String sql = "UPDATE movies SET title = ? WHERE year_made = ?"; 
     PreparedStatement prest = con.prepareStatement(sql); 
     prest.setString(1,"Sanam We wafafa"); 
     prest.setInt(2,2005); 
     prest.executeUpdate(); 
     System.out.println("Updating Successfully!"); 
     con.close(); 
     } 
     catch (SQLException s){ 
     System.out.println("SQL statement is not executed!"); 
     } 
    } 
    catch (Exception e){ 
     e.printStackTrace(); 
    } 
    } 
}

請使用上面的代碼作爲參考和更改代碼

來源

2011-04-08 06:31:26 developer

0

This是使用PreparedStatement最簡單的例子之一,我希望它可以幫助你。

來源

2011-04-08 06:34:54

2

在你的代碼,而不是這樣的:

String qry= " UPDATE Registration1 set RegistrationNo = '"+cbregn.getSelectedItem()+"',SeniorPerson = '"+cbnm.getSelectedItem()+"', NativePlace = '"+tfplace.getText()+"',Kul = '"+tfkul.getText()+"', Gotra = '"+tfgotra.getText()+"' ,KulSwami = '"+tfswami.getText()+"', ResidensialAddress = '"+taraddr.getText()+"' , PinCode = '"+tfpcd.getText()+"', STDcode = '"+tfstdcode.getText()+"',TelephoneNo = '"+tftele.getText()+"', MobileNo = '"+tfmno.getText()+"', Email = '"+tfemail.getText()+"',Website ='"+tfweb.getText()+"',Education ='"+tfedu.getText()+"',Branch ='"+tfbrch.getText()+"',BloodGroup ='"+cbbldgrp.getSelectedItem()+"' where SeniorPerson='" +cbnm.getSelectedItem().toString()+"'" ; 
stmt.executeUpdate(qry);

試試這個:

String qry= " UPDATE Registration1 set RegistrationNo = ?,SeniorPerson = ?, NativePlace = ?,Kul = ?, Gotra = ?,KulSwami = ?, ResidensialAddress = ?, PinCode = ?, STDcode = ?,TelephoneNo = ?, MobileNo = ?, Email = ?,Website =?,Education =?,Branch =?,BloodGroup =? where SeniorPerson=?" ; 

PreparedStatement updateQry = con.prepareStatement(qry); 
updateQry.setString(1,cbregn.getSelectedItem()); 
updateQry.setString(2,cbnm.getSelectedItem()); 
updateQry.setString(3,tfplace.getText()); 
updateQry.setString(4,tfkul.getText()); 
updateQry.setString(5,tfgotra.getText()); 
updateQry.setString(6,tfswami.getText()); 
updateQry.setString(7,taraddr.getText()); 
updateQry.setString(8,tfpcd.getText()); 
updateQry.setString(9,tfstdcode.getText()); 
updateQry.setString(10,tftele.getText()); 
updateQry.setString(11,tfmno.getText()); 
updateQry.setString(12,tfemail.getText()); 
updateQry.setString(13,tfweb.getText()); 
updateQry.setString(14,tfedu.getText()); 
updateQry.setString(15,tfbrch.getText()); 
updateQry.setString(16,cbbldgrp.getSelectedItem()); 
updateQry.setString(17,cbnm.getSelectedItem().toString()); 
updateQry.executeUpdate():

來源

2011-04-08 06:37:46

相關問題

 相關問題