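Your second query is missing the closing parenthesis in the VALUES clause.
Instead of appending the parameters directly to the query string, use a parameterized query.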
import java.awt.event.MouseEvent;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import javax.swing.JOptionPane;

// Inside the existing listener class:
public void mouseClicked(MouseEvent e) {
    if (cal) {
        // try-with-resources closes the connection (and its statements) even on error
        try (Connection conn = DriverManager.getConnection(Host, Name, Pass)) {
            int balchange = updatebal;
            String username = (String) userPicker.getSelectedItem();

            // Values are bound to the ? placeholders, never concatenated into the SQL
            PreparedStatement pst = conn.prepareStatement(
                    "UPDATE table_1 SET user_bal=? WHERE user_name=?");
            pst.setInt(1, balchange);
            pst.setString(2, username);
            pst.execute();

            String sign = "£";
            String PayName = textField_1.getText();
            PreparedStatement pst2 = conn.prepareStatement(
                    "INSERT INTO payment_info (payment_name, payment_amount, payment_date, username)"
                    + " VALUES (?, ?, ?, ?)");
            pst2.setString(1, PayName);
            pst2.setString(2, sign + balchange);
            // If it's a date column, use
            // pst2.setDate(3, new java.sql.Date(System.currentTimeMillis()));
            pst2.setString(3, "Date");
            pst2.setString(4, username);
            pst2.execute();
            cal = false;
        } catch (Exception e3) {
            e3.printStackTrace();
        }
    } else {
        JOptionPane.showMessageDialog(null, "Please use the Calculator First!");
    }
}
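This looks cleaner and is easier to write. Most importantly, it protects you from SQL injection attacks.
This is the Oracle documentation on parameterized queries: https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html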
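An added example, not part of the original answer: it runs the answer's `payment_info` INSERT both ways against an in-memory SQLite database from Python (chosen so it runs without a JDBC driver; the `?` placeholders bind the same way as in `PreparedStatement`). The table layout, the helper names and the two payment-name inputs are constructed for illustration.

```python
import sqlite3

COLUMNS = "(payment_name, payment_amount, payment_date, username)"

def new_db():
    # Assumed schema: four text columns matching the answer's INSERT.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payment_info (payment_name TEXT, "
                 "payment_amount TEXT, payment_date TEXT, username TEXT)")
    return conn

def insert_concatenated(conn, pay_name, amount, username):
    # Unsafe: the input becomes part of the SQL text, so quotes in it are parsed as SQL.
    conn.execute("INSERT INTO payment_info " + COLUMNS + " VALUES ('" + pay_name
                 + "', '" + amount + "', 'Date', '" + username + "')")

def insert_parameterized(conn, pay_name, amount, username):
    # Safe: the SQL text is fixed; values are bound separately and never parsed as SQL.
    conn.execute("INSERT INTO payment_info " + COLUMNS + " VALUES (?, ?, ?, ?)",
                 (pay_name, amount, "Date", username))

def try_insert(insert, pay_name):
    """Insert one payment of £50 for user 'bob'; return stored rows or the error name."""
    conn = new_db()
    try:
        insert(conn, pay_name, "£50", "bob")
    except sqlite3.Error as exc:
        return type(exc).__name__
    return conn.execute("SELECT payment_name, payment_amount, username "
                        "FROM payment_info").fetchall()

# Constructed inputs for the payment-name text field.
APOSTROPHE = "O'Brien rent"                        # ordinary name containing a quote
QUOTE_CLOSING = "rent', '£0', 'Date', 'alice') --"  # closes the literal early

if __name__ == "__main__":
    for name in (APOSTROPHE, QUOTE_CLOSING):
        print(repr(name))
        print("  concatenated :", try_insert(insert_concatenated, name))
        print("  parameterized:", try_insert(insert_parameterized, name))
```

With concatenation, the first input fails as a syntax error and the second stores an amount and username the application never supplied; with bound parameters both are stored verbatim as the payment name.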