我试图检查,如果我的数据库中已存在特定值.我使用JDBC从java独立应用程序访问数据库(查询将记录插入数据库工作,所以我的设置和连接都可以).
String queryCheck = "SELECT * from messages WHERE msgid = " + msgid;
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(queryCheck); // execute the query, and get a java resultset
// if this ID already exists, we quit
if(rs.absolute(1)) {
conn.close();
return;
}
我收到此错误(我的SQL语法显然有问题):
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd-f05708071f8f' at line 1
但是,如果我尝试在MySQL命令行中执行此命令,它可以工作!你能告诉我,我的陈述有什么不对吗?谢谢你的任何提示!
Bor*_*der 24
你需要String在MySQL中包含一个引号,所以查询需要
SELECT * from messages WHERE msgid = 'd-f05708071f8f';
不
SELECT * from messages WHERE msgid = d-f05708071f8f;
所以代码应该读
String queryCheck = "SELECT * from messages WHERE msgid = '" + msgid + "'";
我建议使用a PreparedStatement来避免这些问题以及SQL注入的任何风险:
final String queryCheck = "SELECT * from messages WHERE msgid = ?";
final PreparedStatement ps = conn.prepareStatement(queryCheck);
ps.setString(1, msgid);
final ResultSet resultSet = ps.executeQuery();
使用字符串连接进行查询构建被认为是非常糟糕的做法.已经很久了.
此外,我建议使用select count(*)而不是完整,select *因为这会返回更少的数据(想想它的大小ResultSet),MySQL也可以优化它.
final String queryCheck = "SELECT count(*) from messages WHERE msgid = ?";
final PreparedStatement ps = conn.prepareStatement(queryCheck);
ps.setString(1, msgid);
final ResultSet resultSet = ps.executeQuery();
if(resultSet.next()) {
final int count = resultSet.getInt(1);
}
您需要使用绑定变量.
PreparedStatement st = conn.prepareStatement(
"SELECT * from messages WHERE msgid = ?");
st.setString(1, msgid);
ResultSet rs = st.executeQuery(queryCheck);
或者进入手动报价,但这是有风险的.
除了防止SQL注入之外,如果重复运行相同的查询,预准备语句也应该提高性能.