mysql语句这样写提示语法错误，不能更新

代码如下
String selsql = "select * from login where username = ? and password = ?";
Connection con = DBTool.getConnection();
PreparedStatement selstm = con.prepareStatement(selsql);
String username = ActionContext.getContext().getSession()
.get("username").toString();
System.out.println(username);
selstm.setString(1, username);
selstm.setString(2, this.getOldpwd());
ResultSet selrs = selstm.executeQuery();
if (selrs.next()) {
System.out.println("存在此用户");
String updatesql = "update login set password = '?' where username = '?'";
PreparedStatement updatestm = con.prepareStatement(updatesql);
updatestm.setString(1, this.getNewpwd2());
updatestm.setString(2, username);
System.out.println(updatesql);
int num = updatestm.executeUpdate(updatesql);
System.out.println(num);
if (num == 1) {
System.out.println("修改成功");
return SUCCESS;
} else {
System.out.println("修改失败");
return ERROR;
}
} else {
System.out.println("原始密码错误");
return ERROR;
}
提示我语法错误

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

String updatesql = "update login set password = '?' where username = '?'";这个语句很明显有错。。有占位符？  是不是需要加单引号的。
把单引号去掉应该就可以了，这个问题应该是粗心导致的吧。你看你上面的查询就没有加单引号
我把那个单引号去掉了还是提示错误，错误信息是：
type Exception reportmessagedescription The server encountered an internal error () that prevented it from fulfilling this request.exceptioncom.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? where username = ?' at line 1
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
java.lang.reflect.Constructor.newInstance(Constructor.java:513)
com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
com.mysql.jdbc.Util.getInstance(Util.java:386)
com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3597)
com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3529)
com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1990)
com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2151)
com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2619)
com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1709)
com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1628)
com.game.action.PasswordAction.execute(PasswordAction.java:63)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
你看看这里：near '? where username = ?' at line 1说明还是有单引号啊。。   把项目重新编译一下
就是把最上面的代码去掉单引号
public String execute() throws Exception {
String selsql = "select * from login where username = ? and password = ?";
Connection con = DBTool.getConnection();
PreparedStatement selstm = con.prepareStatement(selsql);
String username = ActionContext.getContext().getSession()
.get("username").toString();
System.out.println(username);
selstm.setString(1, username);
selstm.setString(2, this.getOldpwd());
ResultSet selrs = selstm.executeQuery();
if (selrs.next()) {
System.out.println("存在此用户");
String updatesql = "update login set password = ? where username = ?";
PreparedStatement updatestm = con.prepareStatement(updatesql);
updatestm.setString(1, this.getNewpwd2());
updatestm.setString(2, username);
System.out.println(updatesql);
int num = updatestm.executeUpdate(updatesql);
System.out.println(num);
if (num == 1) {
System.out.println("修改成功");
return SUCCESS;
} else {
System.out.println("修改失败");
return ERROR;
}
} else {
System.out.println("原始密码错误");
return ERROR;
}
}
格式化一下代码嘛。。
public String execute() throws Exception {
String selsql = "select * from login where username = ? and password = ?";
Connection con = DBTool.getConnection();
PreparedStatement selstm = con.prepareStatement(selsql);
String username = ActionContext.getContext().getSession()
.get("username").toString();
System.out.println(username);
selstm.setString(1, username);
selstm.setString(2, this.getOldpwd());
ResultSet selrs = selstm.executeQuery();
if (selrs.next()) {
System.out.println("存在此用户");
String updatesql = "update login set password = ? where username = ?";
PreparedStatement updatestm = con.prepareStatement(updatesql);
updatestm.setString(1, this.getNewpwd2());
updatestm.setString(2, username);
System.out.println(updatesql);
int num = updatestm.executeUpdate(updatesql);
System.out.println(num);
if (num == 1) {
System.out.println("修改成功");
return SUCCESS;
} else {
System.out.println("修改失败");
return ERROR;
}
} else {
System.out.println("原始密码错误");
return ERROR;
}
}
public String execute() throws Exception {
String selsql = "select * from login where username = ? and password = ?";
Connection con = DBTool.getConnection();
PreparedStatement selstm = con.prepareStatement(selsql);
String username = ActionContext.getContext().getSession()
.get("username").toString();
System.out.println(username);
selstm.setString(1, username);
selstm.setString(2, this.getOldpwd());
ResultSet selrs = selstm.executeQuery();
if (selrs.next()) {
System.out.println("存在此用户");
String updatesql = "update login set password = ? where username = ?";
PreparedStatement updatestm = con.prepareStatement(updatesql);
updatestm.setString(1, this.getNewpwd2());
updatestm.setString(2, username);
System.out.println(updatesql);
int num = updatestm.executeUpdate(updatesql);
System.out.println(num);
if (num == 1) {
System.out.println("修改成功");
return SUCCESS;
} else {
System.out.println("修改失败");
return ERROR;
}
} else {
System.out.println("原始密码错误");
return ERROR;
}
}
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? where username = ?' at line 1
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
java.lang.reflect.Constructor.newInstance(Constructor.java:513)
com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
com.mysql.jdbc.Util.getInstance(Util.java:386)
com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1052)
com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3597)
com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3529)
com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1990)
com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2151)
com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2619)
com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1709)
com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1628)
com.game.action.PasswordAction.execute(PasswordAction.java:63)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:452)
com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:291)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:254)
com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:263)
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:133)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:207)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:207)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:75)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:94)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:270)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:176)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:190)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:187)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:248)
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:498)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
sql语法没问题啊。你检查一下，你的？是中文的？还是英文的：
String updatesql = "update login set password = ? where username = ?";
如果这个没有问题的话，你现在不要用占位符。直接把值拼装成sql:
String updatesql = "update login set password = " +? where username = ?";
String updatesql = "update login set password ='"+this.getNewpwd2() +"' where username = '"+username+"'";
String selsql = "select * from login where username = ? and password = ?";
        Connection con = DBTool.getConnection();
        PreparedStatement selstm = con.prepareStatement(selsql);
        String username = ActionContext.getContext().getSession()
                .get("username").toString();
        System.out.println(username);
        selstm.setString(1, username);
        selstm.setString(2, this.getOldpwd());
        ResultSet selrs = selstm.executeQuery();
        if (selrs.next()) {
            System.out.println("存在此用户");
            String updatesql = "update login set password = '?' where username = '?'";
            PreparedStatement updatestm = con.prepareStatement(updatesql);
            updatestm.setString(1, this.getNewpwd2());
            updatestm.setString(2, username);
            System.out.println(updatesql);
             int num = updatestm.executeUpdate(updatesql);
------------------经尝试，把这里改成int num = updatestm.executeUpdate();
就可以了，楼主可以试试看
String updatesql = "update login set password = ？ where username =？";
站位符不需要引起来吧
数据库字段用password  ，真是蛋不够疼，如果在sqlserver下，像 password  这些关键字是不允许做字段的
好像没人命中关键呀。
preparestatement是statement的子类。既然你做prepare，那你调用的时候就execute()或executeQuery()，别传参数。不然带参数的又变成statement的执行了。
必须的。
String selsql = "select * from login where username = ? and password = ?";改成String selsql = "select * from login where username=? and password=?";就是去掉？和=前面的空格。试试看。
   selstm.setString(1, username);
        selstm.setString(2, this.getOldpwd());
问题是不是出在这里啊？占位符不是从0开始吗？如果我说的不对的话，各位不要扔板砖...