public class UserInsertAction extends Action { @Override
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
String userid=request.getParameter("userid");
String username=request.getParameter("password");
String password=request.getParameter("username");
String depart=request.getParameter("depart");
String ucode=request.getParameter("ucode");
String uphone=request.getParameter("uphone");
try
{
String sql="insert into userinfo (userid,username,password,depart,ucode,uphone) values(?)"; ConnectDB db=new ConnectDB();
ResultSet rs=db.executeQuery(sql);
System.out.println(userid);
return mapping.findForward("success");
}
catch(Exception e)
{
e.printStackTrace();
}
// TODO Auto-generated method stub
return super.execute(mapping, form, request, response);
}}
请问中间的SQL语句怎么写啊,这样插入对吗?
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
String userid=request.getParameter("userid");
String username=request.getParameter("password");
String password=request.getParameter("username");
String depart=request.getParameter("depart");
String ucode=request.getParameter("ucode");
String uphone=request.getParameter("uphone");
try
{
String sql="insert into userinfo (userid,username,password,depart,ucode,uphone) values(?)"; ConnectDB db=new ConnectDB();
ResultSet rs=db.executeQuery(sql);
System.out.println(userid);
return mapping.findForward("success");
}
catch(Exception e)
{
e.printStackTrace();
}
// TODO Auto-generated method stub
return super.execute(mapping, form, request, response);
}}
请问中间的SQL语句怎么写啊,这样插入对吗?
动态参数要使用 字符串拼接 方式
即""+str+""
然后给没一个问号赋值
{
String sql="insert into userinfo (userid,username,password,depart,ucode,uphone) values ('"+userid+"','"+username+"','"+password+"','"+password+"','"+depart+"','"+ucode+"','"+uphone+"')";
System.out.println(userid);
ConnectDB db=new ConnectDB();
ResultSet rs=db.executeUqdate(sql);
红色地方有错啊,怎么回事
db.executeUpdate(sql); 是 executeUpdate 不是 executeUqdate(); 并且它返回的是 int 不是 ResultSet: 如
int flag = db.executeUpdate(sql);
String sql="insert into userinfo (userid,username,password,depart,ucode,uphone) values('"+userid+"','"+username+"','"+password+"','"+password+"','"+depart+"','"+ucode+"','"+uphone+"')";
sql语句正确!用 preparedstatement 接口