Why am I getting a java.sql.SQLException near "@" in my JDBC SQLite database?

Question

I am trying to update values in my SQLite Database. My code is as follows:

    for(Cookie ck:cookie) {
        if (ck.getName().equals("email")) {
            s=ck.getValue();
            System.out.println(s);
            for(Cookie ce:cookie) {
                if(ce.getName().equals("name")) {
                    System.out.println(ce.getValue());
                    i=PS.executeUpdate("UPDATE Details "+"SET name="+ce.getValue()+" WHERE email="+s);
                }
                else if (ce.getName().equals("age")) {
                    System.out.println(ce.getValue());
                    i=PS.executeUpdate("UPDATE Details "+"SET age="+ce.getValue()+" WHERE email="+s);
                }
            }
            break;
        }
    }

Here, I am trying to fetch the name, age and email with the help of cookies and update those values in the database. Then, when I enter the inputs, I get this error (suppose the email is abc@gmail.com):

java.sql.SQLException: near "@gmail": syntax error
	at org.sqlite.NativeDB.throwex(NativeDB.java:210)
	at org.sqlite.NativeDB._exec(Native Method)
	at org.sqlite.Stmt.executeUpdate(Stmt.java:152)
	at abhishek.Modify.doGet(Modify.java:44)...

Answer 1

Score: 0

You have to add single quotes around strings in SQL.

    i=PS.executeUpdate("UPDATE Details "+"SET name='"+ce.getValue()+"' WHERE email='"+s+"'");
    ...
    i=PS.executeUpdate("UPDATE Details "+"SET age="+ce.getValue()+" WHERE email='"+s+"'");

BTW, learn about prepared statements to prevent SQL injection.

huangapple
  • This article was published on October 6, 2020 at 13:02:20
  • When reposting, please keep the link to this article: https://go.coder-hub.com/64219641.html
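
The prepared-statement approach the answer recommends, as an added example that is not part of the original question or answer. It uses the page's Details table; the class name, the Map standing in for the servlet cookies, the column types and the in-memory database are assumptions, and it needs the sqlite-jdbc driver on the classpath. Cookie values are client-controlled, so each one is bound as a parameter and age is parsed as an integer first.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Map;

public class ModifyDetails {   // hypothetical class name
    // Updates name and age for the row matching email; every value is bound, never concatenated.
    static int updateDetails(Connection db, Map<String, String> cookies) throws SQLException {
        String email = cookies.get("email");
        String name = cookies.get("name");
        String ageText = cookies.get("age");
        if (email == null || name == null || ageText == null) {
            throw new IllegalArgumentException("missing cookie value");
        }
        int age;
        try {
            age = Integer.parseInt(ageText.trim());   // reject a non-numeric age before it reaches SQL
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("age must be an integer", e);
        }
        String sql = "UPDATE Details SET name = ?, age = ? WHERE email = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setInt(2, age);
            ps.setString(3, email);
            return ps.executeUpdate();                // number of rows changed
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data in an in-memory database (assumed schema).
        try (Connection db = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            try (Statement st = db.createStatement()) {
                st.executeUpdate("CREATE TABLE Details (name TEXT, age INTEGER, email TEXT PRIMARY KEY)");
                st.executeUpdate("INSERT INTO Details VALUES ('old', 1, 'abc@gmail.com')");
                st.executeUpdate("INSERT INTO Details VALUES ('other', 2, 'xyz@gmail.com')");
            }
            // '@' and an apostrophe are plain data for a bound parameter.
            System.out.println(updateDetails(db, Map.of("email", "abc@gmail.com", "name", "O'Brien", "age", "30")));
            // A value carrying SQL syntax is compared as a literal email, so it matches no row.
            System.out.println(updateDetails(db, Map.of("email", "x' OR '1'='1", "name", "n", "age", "5")));
        }
    }
}
```

With the quoted-concatenation form, the name `O'Brien` would end the string literal early and raise another syntax error; with bound parameters it is stored unchanged.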