java.sql.SQLSyntaxErrorException when trying to update a string field

【Title】: java.sql.SQLSyntaxErrorException when trying to update a string field 【Posted】: 2019-08-27 00:18:23 【Question】:

I set up my database in phpMyAdmin, and in the query below I am trying to update a string field that holds the file path of some software, e.g. 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avp.exe'.

When I execute the query I get the java.sql.SQLSyntaxErrorException shown below. The query works fine when run in phpMyAdmin itself. What am I doing wrong?

My query:

String query4 = MessageFormat.format("UPDATE system_object SET file_path = {0}, validate={1} " +
            "where category_key = 2", settings.getAntivirus_filePath(), settings.isAntivirus_validate());

Error:

java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':\Program Files (x86)Kaspersky LabKaspersky Total Security 19.0.0avp.exe, valida' at line 1
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
    at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
    at com.mysql.cj.jdbc.StatementImpl.executeUpdateInternal(StatementImpl.java:1355)
    at com.mysql.cj.jdbc.StatementImpl.executeLargeUpdate(StatementImpl.java:2128)
    at com.mysql.cj.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1264)
    at s4.server.resourcemonitor.dao.ServerResourcesDAO.savePCSettings(ServerResourcesDAO.java:307)
    at s4.server.resourcemonitor.controller.ServerResourcesController.savePCSettings(ServerResourcesController.java:79)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
    at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:919)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:663)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

Edit: I did try putting quotes around my parameters, but then I got the same error

java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '0, validate=true where category_key = 2' at line 1 

【Comments】:

Not sure, but it is strange that your message did not fill in the parameters. I guess something is wrong with your settings.getAntivirus_filePath() statement.

【Answer 1】:

Modify your code to:

String query4 = MessageFormat.format(
            "UPDATE system_object SET file_path = \"{0}\", validate=\"{1}\" " +
            "where category_key = 2", "demo1",
            "demo2");
System.out.println(query4);

Output: UPDATE system_object SET file_path = "demo1", validate="demo2" where category_key = 2

【Comments】:

【Answer 2】:

Just update it to use doubled '' instead of a single ':

String query4 = MessageFormat.format(
        "UPDATE system_object SET file_path = ''{0}'', validate=''{1}'' " +
        "where category_key = 2", settings.getAntivirus_filePath(),
        settings.isAntivirus_validate());

【Comments】:

【Answer 3】:

Use a PreparedStatement and bind the parameters; your current approach is vulnerable to SQL injection. Ignoring that problem (and it is a big one), you did not quote your parameters. You could do

String query4 = MessageFormat.format(
        "UPDATE system_object SET file_path = '{0}', validate='{1}' " +
        "where category_key = 2", settings.getAntivirus_filePath(),
        settings.isAntivirus_validate());

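【Comments】:

I did try quoting them, but got a similar error.

Quoting them will not work in this case, because MessageFormat will treat it as literal text. PreparedStatement is the way to go.

Yes, I ended up using a prepared statement and it works fine now. Thanks.

That is, remove the call to MessageFormat from your code. You are using MessageFormat for statement parameter binding, which is not what it is for at all. What is meant for this purpose is PreparedStatement.setParameter(...).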
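The behaviour discussed in the answers and comments above, as an added example that is not part of the original thread: `main` prints what MessageFormat builds for the unquoted, single-quoted and doubled-quote patterns, and `updateFilePath` binds the values with a PreparedStatement instead. The class name, the helper names and the sample path are assumptions; the table and column names are the question's.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.MessageFormat;

public class UpdateFilePath {
    // Values travel separately from the SQL text, so quotes and backslashes
    // in the path cannot change the structure of the statement.
    static final String SQL =
        "UPDATE system_object SET file_path = ?, validate = ? WHERE category_key = ?";

    // Hypothetical helper: bind the values instead of formatting them into the SQL.
    static int updateFilePath(Connection con, String path, boolean validate, int key)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, path);
            ps.setBoolean(2, validate);
            ps.setInt(3, key);
            return ps.executeUpdate(); // number of rows updated
        }
    }

    // The SQL text MessageFormat would produce; used only to explain the errors.
    static String formatted(String assignment, String path, boolean validate) {
        String pattern = "UPDATE system_object SET file_path = " + assignment
                + ", validate = {1} WHERE category_key = 2";
        return MessageFormat.format(pattern, path, validate);
    }

    public static void main(String[] args) {
        // Constructed sample path containing backslashes and an apostrophe.
        String path = "C:\\Program Files (x86)\\Vendor's Tool\\app.exe";

        // Unquoted: the path is pasted in as bare tokens, hence the syntax error.
        System.out.println(formatted("{0}", path, true));
        // Single quotes are MessageFormat's own quoting: '{0}' comes out as the
        // literal text {0} and the argument is never substituted.
        System.out.println(formatted("'{0}'", path, true));
        // Doubled quotes emit one quote each, so the value is substituted, but the
        // apostrophe in the path ends the SQL string early, and MariaDB by default
        // treats the backslashes as escape characters.
        System.out.println(formatted("''{0}''", path, true));
        // No connection is opened here; with a real java.sql.Connection the call is:
        //   updateFilePath(con, path, true, 2);
    }
}
```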
