58,453
社区成员
发帖
与我相关
我的任务
分享executeUpdate(sql)这条语句为啥总不执行呢?求教
我的代码:
String sql = "UPDATE ACCOUNTS SET 密码=" + account.getPassword()
+ " WHERE 账户名=" + account.getAccountName();
try {
Class.forName(this.dbDriver).newInstance();
} catch (Exception e) {
e.printStackTrace();
}
try {
Connection conn = DriverManager.getConnection(this.dbUrl,
this.user, this.password);
if (!conn.isClosed()) {
Statement st = conn.createStatement();
Account acc = this.getAccountInfo(account.getAccountName());
if (acc != null) {
System.out.println(2);
int count = st.executeUpdate(sql);
System.out
.println(count
+ " account's information has been updated in table ACCOUNTS!");
} else
System.out
.println("There isn't the account which you want to update its information!");
}
} catch (SQLException e) {
}
String sql = "UPDATE ACCOUNTS SET 密码=" + account.getPassword()
+ " WHERE 账户名=" + account.getAccountName();
try {
Class.forName(this.dbDriver).newInstance();
} catch (Exception e) {
e.printStackTrace();
}
try {
Connection conn = DriverManager.getConnection(this.dbUrl,
this.user, this.password);
if (!conn.isClosed()) {
Statement st = conn.createStatement();
Account acc = this.getAccountInfo(account.getAccountName());
if (acc != null) {
System.out.println(2);
int count = st.executeUpdate(sql);
System.out
.println(count
+ " account's information has been updated in table ACCOUNTS!");
} else
System.out
.println("There isn't the account which you want to update its information!");
}
} catch (SQLException e) {
}
...全文
请发表友善的回复…
发表回复
sudan_727923 2011-10-24
- 打赏
- 举报
[Quote=引用 5 楼 jack90210 的回复:]
lz要养成习惯,尽量不要使用拼接sql,容易受到sql注入攻击,
采用预编译sql:PreparedStatement st=con.prepareStatement(sSql);
PreparedStatement 这个具体怎么用,还需lz自己去深入了解
[/Quote]
用这个吧
lz要养成习惯,尽量不要使用拼接sql,容易受到sql注入攻击,
采用预编译sql:PreparedStatement st=con.prepareStatement(sSql);
PreparedStatement 这个具体怎么用,还需lz自己去深入了解
[/Quote]
用这个吧
梦如风 2011-10-24
- 打赏
- 举报
lz要养成习惯,尽量不要使用拼接sql,容易受到sql注入攻击,
采用预编译sql:PreparedStatement st=con.prepareStatement(sSql);
PreparedStatement 这个具体怎么用,还需lz自己去深入了解
采用预编译sql:PreparedStatement st=con.prepareStatement(sSql);
PreparedStatement 这个具体怎么用,还需lz自己去深入了解
SP12345678902 2011-10-21
- 打赏
- 举报
[Quote=引用 1 楼 keiy 的回复:]
这样试试
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
[/Quote]
正确的写法
得有单引号,除非是数字
这样试试
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
[/Quote]
正确的写法
得有单引号,除非是数字
selly0919 2011-10-20
- 打赏
- 举报
[Quote=引用 1 楼 keiy 的回复:]
这样试试
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
[/Quote]楼上正解!平时在拼sql语句时,这是经常犯的一个错误!
这样试试
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
[/Quote]楼上正解!平时在拼sql语句时,这是经常犯的一个错误!
小笨熊 2011-10-20
- 打赏
- 举报
ls要注意啦
柯本 2011-10-19
- 打赏
- 举报
这样试试
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
String sql = "UPDATE ACCOUNTS SET 密码='" + account.getPassword()
+ "' WHERE 账户名='" + account.getAccountName()+"'";
注意要加''
