JAVA SQL command not properly ended

kat*_*aty -4 java oracle

I have this code:

buy.addActionListener(new ActionListener()
{
    @Override
    public void actionPerformed(ActionEvent actionEvent)
    {
        int r;
        r = table.getSelectedRow();
        String num = (String) table.getValueAt(r, 0);// toy name
        //String cop = (String) table.getValueAt(r, 3);// number of copies

        try
        {
            pq = stmt.executeQuery("SELECT *" + "FROM buyid_view");
            xv = stmt.executeQuery("SELECT toyid, copies " + "FROM alldatas_view" + "WHERE toyname ='"+num+"'");
            int buyid = pq.getInt("buyid");
            int toyid = xv.getInt("toyid");
            int copies = xv.getInt("copies");
            copies = copies-1;
            CallableStatement cstmt = con.prepareCall("INSERT INTO buy (buyid, toyid)" + "VALUES (?,?)");
            cstmt.setInt("buyid", buyid);
            cstmt.setInt("toyid", toyid);
            ResultSet rs = cstmt.executeQuery();
            JOptionPane.showMessageDialog(null, "You brought a toy.");

            for(int i = 0; i < table.getRowCount(); i++)
                for(int j = 0; j < table.getColumnCount(); j++)
                    table.setValueAt("", i, j);

            try
            {
                rs = stmt.executeQuery("UPDATE toys set copies "+ copies +"WHERE toyid= '"+toyid+"'");
            }
            catch (SQLException e)
            {
                JOptionPane.showMessageDialog(null, e.getMessage());
            }

            int i = 0;

            try
            {
                rs = stmt.executeQuery("SELECT *"+
                        "FROM availablebooks_view");
            }
            catch (SQLException e)
            {
                e.printStackTrace();
            }
            finally
            {
                try {
                    if(rs.next())
                    {
                        table.setValueAt(rs.getString(1), i, 0);
                        table.setValueAt(rs.getString(2), i, 1);
                        table.setValueAt(rs.getString(3), i, 2);
                        i++;
                        while(rs.next())
                        {
                            table.setValueAt(rs.getString(1), i, 0);
                            table.setValueAt(rs.getString(2), i, 1);
                            table.setValueAt(rs.getString(3), i, 2);
                            i++;
                        }
                    }
                } catch (SQLException e) {
                    JOptionPane.showMessageDialog(null, e.getMessage());
                }
            }
        }
        catch (SQLException e)
        {
            if(e.getMessage().contains("You have to pay!"))
                warning(frame, "You didn't pay all your products");
            else
                warning(frame, e.getMessage());
        }
    }
});

When I compile my program I get no errors, but when I run it and click the "buy" button it gives an error saying "ORA-00933: SQL command not properly ended".

Jim*_*son 5

When building SQL statements from strings, you must make sure there are spaces where spaces are needed.

rs = stmt.executeQuery("SELECT *"+
     "FROM availablebooks_view");

The statement you are sending is

SELECT *FROM availablebooks_view

which is invalid syntax. You have this problem in several places in your code.

However, building SQL statements piece by piece causes a bigger problem. It leaves you open to SQL injection; you should rewrite the code to use prepared statements and parameters.
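As an added illustration of the answer's two points (it is not code from the question or the answer), here is the "buy" action rewritten with `PreparedStatement`. The table and view names (`buy`, `toys`, `alldatas_view`, `buyid_view`) and column names come from the question; the class and method names, the transaction handling and the stock check are assumptions made for this example. `brokenSql` keeps the concatenation from the question only to show the defect next to the fixed form.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Example class (hypothetical name); not part of the original post. */
public class BuyToyDao {

    /** The concatenated query from the question, kept to show the defect. */
    static String brokenSql(String num) {
        // Evaluates to "SELECT toyid, copies FROM alldatas_viewWHERE toyname ='...'":
        // the missing space before WHERE produces ORA-00933, and a toy name that
        // contains a quote character becomes part of the SQL text itself.
        return "SELECT toyid, copies " + "FROM alldatas_view" + "WHERE toyname ='" + num + "'";
    }

    /**
     * Records a purchase of the toy called toyName and decrements its stock
     * inside one transaction. Returns the remaining copies, or -1 if the toy
     * does not exist or is out of stock.
     */
    public static int buyToy(Connection con, String toyName) throws SQLException {
        // The SQL text is a constant with placeholders, so spacing mistakes are
        // visible at a glance and user input can never change the statement.
        final String selectToy = "SELECT toyid, copies FROM alldatas_view WHERE toyname = ?";
        final String selectBuyId = "SELECT buyid FROM buyid_view";
        final String insertBuy = "INSERT INTO buy (buyid, toyid) VALUES (?, ?)";
        final String updateStock = "UPDATE toys SET copies = ? WHERE toyid = ?";

        boolean oldAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);
        try (PreparedStatement psToy = con.prepareStatement(selectToy);
             PreparedStatement psBuyId = con.prepareStatement(selectBuyId);
             PreparedStatement psInsert = con.prepareStatement(insertBuy);
             PreparedStatement psUpdate = con.prepareStatement(updateStock)) {

            psToy.setString(1, toyName); // bound as data, never spliced into the SQL
            int toyId;
            int copies;
            try (ResultSet rs = psToy.executeQuery()) {
                // A ResultSet starts positioned before its first row: next() must be
                // called before any getXxx(), otherwise the driver throws.
                if (!rs.next()) {
                    con.rollback();
                    return -1;
                }
                toyId = rs.getInt("toyid");
                copies = rs.getInt("copies");
            }
            if (copies <= 0) { // assumed rule: do not sell below zero stock
                con.rollback();
                return -1;
            }

            int buyId;
            try (ResultSet rs = psBuyId.executeQuery()) {
                if (!rs.next()) {
                    throw new SQLException("buyid_view returned no row");
                }
                buyId = rs.getInt("buyid");
            }

            // INSERT and UPDATE go through executeUpdate, not executeQuery.
            psInsert.setInt(1, buyId);
            psInsert.setInt(2, toyId);
            psInsert.executeUpdate();

            psUpdate.setInt(1, copies - 1);
            psUpdate.setInt(2, toyId);
            if (psUpdate.executeUpdate() != 1) {
                throw new SQLException("stock update affected " + "an unexpected number of rows");
            }

            con.commit();
            return copies - 1;
        } catch (SQLException e) {
            con.rollback(); // undo the INSERT if the UPDATE (or anything else) failed
            throw e;
        } finally {
            con.setAutoCommit(oldAutoCommit);
        }
    }
}
```

With placeholders there is nothing to quote by hand, so the `toyname = '...'` construction in the question disappears and the driver is responsible for passing the value safely; the only remaining way to get ORA-00933 is a typo in a constant string, which a single test run exposes immediately.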