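I ran into a problem inserting data from a JSP into the database. I have 3 tables:
Books (bookid), Users (id), Review (b_id, u_id), where the foreign keys b_id and u_id reference the 2 tables above. This is my code so far:
Java: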
    public void insert(ReviewModel model) {
        try {
            String b_id = null;
            String u_id = null;
            String sql = "insert into review (content,datePost,rating,b_id,u_id)\n"
                    + "values (?,?,?,(select BookID from Books where BookID = '" + b_id + "'),(select id from Users where id = '" + u_id + "') )";
            PreparedStatement statement = connection.prepareCall(sql);
            statement.setString(1, model.getContent());
            statement.setDate(2, (Date) (model.getDatePost()));
            statement.setFloat(3, model.getRating());
            statement.setInt(4, model.getBookid());
            statement.setInt(5, model.getUserid());
            statement.executeUpdate();
        } catch (SQLException ex) {
            Logger.getLogger(ReviewDAO.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
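The problem is with:

    "...where BookID = '" + b_id + "')..."
    statement.setInt(4, model.getBookid());
    statement.setInt(5, model.getUserid());

The number of parameters you set and the number of question marks must match. You try to bind it as a named parameter, but in your SQL you just concatenate an empty string into it. So either remove the parameter setter lines above, or fill the string variable

    String b_id = String.valueOf(model.getBookid());

or use the '?' placeholder: ... where BookID = ? ...
(Use the latter; the first is vulnerable to SQL injection.)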
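
The placeholder variant recommended in the answer, written out in full as an added example (not code from the original post). The `Review` record and the class name are hypothetical stand-ins for the question's `ReviewModel` and DAO, Java 16+ is assumed, and `main` expects the JDBC URL of a database that already has the three tables.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class ReviewInsertExample {
    // Hypothetical stand-in for the question's ReviewModel (its fields are not shown on the page).
    record Review(String content, java.util.Date datePost, float rating, int bookId, int userId) {}

    // Five '?' markers for five setters: both ids are bound as data, nothing is concatenated.
    static final String SQL =
        "insert into review (content, datePost, rating, b_id, u_id) "
      + "values (?, ?, ?, "
      + "(select BookID from Books where BookID = ?), "
      + "(select id from Users where id = ?))";

    static int insert(Connection connection, Review r) throws SQLException {
        try (PreparedStatement st = connection.prepareStatement(SQL)) {
            st.setString(1, r.content());
            st.setDate(2, new Date(r.datePost().getTime())); // convert to java.sql.Date instead of casting
            st.setFloat(3, r.rating());
            st.setInt(4, r.bookId());
            st.setInt(5, r.userId());
            // If the book or user does not exist, the subselect yields NULL;
            // a NOT NULL constraint on b_id / u_id (assumed) then rejects the row.
            return st.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a database containing the Books, Users and review tables.
        try (Connection c = DriverManager.getConnection(args[0])) {
            // Constructed sample values.
            Review r = new Review("Great read", new java.util.Date(), 4.5f, 1, 1);
            System.out.println(insert(c, r) + " row(s) inserted");
        }
    }
}
```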