語法錯誤插入到？ MSAccess

我想將用戶輸入到jtextfield的數據插入msaccess數據庫。當我嘗試執行我的sql語句時，在INSERT INTO語句中出現錯誤，指出語法錯誤。我檢查了我的sql語句並嘗試了幾個不同的東西，但似乎無法找到任何類型的語法錯誤。語法錯誤插入到？ MSAccess

conn = Connect.ConnectDB(); 
    String sql = "insert into Team (" 
      +"TeamID," 
      +"TeamCity," 
      +"TeamMascot," 
      + "values("+txtid.getText()+ ",'"+txtname.getText()+"','"+txtaddress.getText()+"')" ; 
    try{ 
     pst = conn.prepareStatement(sql); 
     pst.execute(); 
     JOptionPane.showMessageDialog(null, "Entry " + txtid.getText() + " Saved"); 
     UpdateJTable(); 
     //conn.close(); 
    } 
    catch(Exception e){ 
     JOptionPane.showMessageDialog(null, e); 
    }

來源

2013-04-25 Fisheries

的錯誤是關鍵字values

String sql = "insert into Team (" 
      +"TeamID," 
      +"TeamCity," 
      +"TeamMascot," // <<== HERE, change comma into closing parenthesis

順便說前額外的逗號，沒有右括號，你的發言是SQL Injection脆弱。如果參數化了值，則可以避免它。例如，

String sql = "insert into Team (TeamID,TeamCity,TeamMascot) values (?, ?, ?, ?)" pst = conn.prepareStatement(sql); pst.setString(1, txtid.getText()); pst.setString(2, txtname.getText()); pst.setString(3, txtaddress.getText());

PreparedStatement

來源

2013-04-25 11:56:41

由於一噸了明確的答案和更多！這僅僅是一個小型的學校項目，所以我並不太擔心SQL注入，但我將來肯定會將我的值放入參數中。 – Fisheries 2013-04-25 13:01:52

不客氣'：D'歡迎來到SO，順便說一下！ – 2013-04-25 13:03:19

語法錯誤插入到？ MSAccess

回答

相關問題