My SQL statement is:
String Name = "123";
String sql = "SELECT * FROM shops WHERE name = "+Name;
Statement statement = connection.createStatement(); // then execute it, which raises an error
The error:
"Unknown column 'xxx' in 'where clause' "
The reason is simple: you did not add quotes, so the SQL statement you think you are sending is:
SELECT * FROM shops WHERE name = '123';
But what is actually generated is:
SELECT * FROM shops WHERE name = 123;
Recommended solution: replace Statement with PreparedStatement and use the setString(int i, String str) method, which adds the ' ' quotes automatically.
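String sql = "SELECT * FROM shops WHERE name = ?";
// try-with-resources closes the statement and result set even if the query fails
try (PreparedStatement ps = connection.prepareStatement(sql)) {
    ps.setString(1, Name); // bound as a string value; no manual quoting needed
    try (ResultSet rs = ps.executeQuery()) {
        // read the matching rows from rs here
    }
} catch (SQLException e) {
    e.printStackTrace(); // report the failure instead of silently swallowing it
}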
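
The difference between the concatenated query and the PreparedStatement fix, as an added example that is not the original post's code: it runs three constructed names through unquoted concatenation, hand-quoted concatenation, and a bound parameter, and prints the row count or the driver's error for each. It assumes the sqlite-jdbc driver is on the classpath and uses an in-memory database (the post uses MySQL, so the error text differs); the class and method names are hypothetical.

```java
import java.sql.*;

// Added example. Assumes sqlite-jdbc on the classpath; all names here are hypothetical.
public class QuotingDemo {
    // Pattern from the post: the value is concatenated into the SQL text,
    // optionally wrapped in hand-written quotes, so the database parses it as SQL.
    static String concat(Connection c, String name, boolean quote) {
        String v = quote ? "'" + name + "'" : name;
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM shops WHERE name = " + v)) {
            rs.next();
            return rs.getInt(1) + " row(s)";
        } catch (SQLException e) {
            return "error: " + e.getMessage();
        }
    }

    // Fix from the post: the value is bound as a parameter and is never parsed as SQL.
    static String bound(Connection c, String name) {
        String sql = "SELECT COUNT(*) FROM shops WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1) + " row(s)";
            }
        } catch (SQLException e) {
            return "error: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement st = c.createStatement()) {
            // Constructed sample data.
            st.executeUpdate("CREATE TABLE shops (id INTEGER PRIMARY KEY, name TEXT)");
            st.executeUpdate("INSERT INTO shops (name) VALUES ('123'), ('abc'), ('O''Brien')");
            for (String name : new String[] {"123", "abc", "O'Brien"}) {
                System.out.printf("%-8s unquoted: %s%n", name, concat(c, name, false));
                System.out.printf("%-8s quoted:   %s%n", name, concat(c, name, true));
                System.out.printf("%-8s bound:    %s%n", name, bound(c, name));
            }
        }
    }
}
```

Hand-written quotes still break on a value that itself contains a quote, such as O'Brien, because the value is parsed as part of the statement; that parsing is also what makes concatenated queries a SQL injection risk, and only the bound parameter handles every value as data.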