A database problem in Java! Asking for help: missing operator

Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/05/22 12:40:05
// addNew() method; the SQL for the int-typed values may be the problem
public static void addNew(Bookclass aBook)throws DuplicateException{
bookID=aBook.getBookID();
bookIndex=aBook.getBookIndex();
bookName=aBook.getBookName();
bookISBN=aBook.getBookISBN();
bookAuthor=aBook.getBookAuthor();
bookConcern=aBook.getBookConcern();
leftNumOfBook=aBook.getLeftNumOfBook();
bookPrice=aBook.getBookPrice();
stateOfBook=aBook.getStateOfBook();
isNewBook=aBook.getIsNewBook();
everydayPenalty=aBook.getEverydayPenalty();
maxTimeOfBook=aBook.getMaxTimeOfBook();
publishDate=aBook.getPublishDate();

String sqlInsert="INSERT INTO Book"+
"(BookID,BookIndex,BookName,BookISBN,BookAuthor,BookConcern,"
+"LeftNumOfBook,BookPrice,StateOfBook,IsNewBook,EverydayPenalty,MaxTimeOfBook,PublishDate)"
+"VALUES('"+bookID+"','"

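Why write the SQL statement that long?
Why not use a precompiled PreparedStatement?
Then the SQL statement wouldn't have to be written like that.
I suggest you change your SQL; written the way you have it, it is very easy to make mistakes.
String sql = "insert into table_name values(?,?,?,?.....)"; // one "?" per column
PreparedStatement psta = conn.prepareStatement(sql); // conn is your Connection object
psta.setString(n, aBook.getXxx()); // n = position of the "?", value = that object's field
psta.setXxx(n, ...); // pick the setter according to the column's type
Heh,
just a few suggestions for you.
Also, doing it this way protects against SQL injection.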
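
The PreparedStatement approach recommended above, applied to the Book table from the question. This is an added example, not code from any of the posters; the `BookDao` class, the `Book` record and every column type are assumptions, since the page does not show the table definition.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class BookDao {
    // Hypothetical stand-in for the question's Bookclass; all field types are assumed.
    public record Book(int bookID, String bookIndex, String bookName, String bookISBN,
                       String bookAuthor, String bookConcern, int leftNumOfBook,
                       BigDecimal bookPrice, String stateOfBook, boolean isNewBook,
                       BigDecimal everydayPenalty, int maxTimeOfBook, Date publishDate) {}

    // Column list copied from the question. The statement text is a constant:
    // one "?" per column and no hand-written quotes, so a quote cannot go
    // missing and a value such as O'Reilly cannot change the statement.
    private static final String SQL_INSERT =
        "INSERT INTO Book (BookID,BookIndex,BookName,BookISBN,BookAuthor,BookConcern,"
      + "LeftNumOfBook,BookPrice,StateOfBook,IsNewBook,EverydayPenalty,MaxTimeOfBook,PublishDate) "
      + "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)";

    // Returns the number of rows inserted (1 on success).
    public static int addNew(Connection conn, Book b) throws SQLException {
        // try-with-resources closes the statement even if executeUpdate throws.
        try (PreparedStatement ps = conn.prepareStatement(SQL_INSERT)) {
            // Parameter indexes are 1-based and follow the column order above.
            ps.setInt(1, b.bookID());
            ps.setString(2, b.bookIndex());
            ps.setString(3, b.bookName());
            ps.setString(4, b.bookISBN());
            ps.setString(5, b.bookAuthor());
            ps.setString(6, b.bookConcern());
            ps.setInt(7, b.leftNumOfBook());
            ps.setBigDecimal(8, b.bookPrice());
            ps.setString(9, b.stateOfBook());
            ps.setBoolean(10, b.isNewBook());
            ps.setBigDecimal(11, b.everydayPenalty());
            ps.setInt(12, b.maxTimeOfBook());
            ps.setDate(13, b.publishDate());
            return ps.executeUpdate();
        }
    }
}
```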

There's probably a quote mark missing before bookPrice... or, put another way, one quote mark too many after it...

Just change the SQL statement to this:

String sqlInsert="INSERT INTO Book"+
"(BookID,BookIndex,BookName,BookISBN,BookAuthor,BookConcern,"
+"LeftNumOfBook,BookPrice,StateOfBook,IsNewBook,EverydayPenalty,MaxTimeOfBook,PublishDate)"
+" VALUES("+bookID+",'"+bookIndex+"','"+bookName+"','"+bookISBN+"','"
+bookAuthor+"','"+bookConcern+"','"+leftNumOfBook+"','"+bookPrice+"','"
+isNewBook+"