关于JAVA的SQL转义有关问题，请高手来解决

2011-12-27

关于JAVA的SQL转义问题，请高手来解决Java codepublic static void update (Products aProduct){Statement

关于JAVA的SQL转义问题，请高手来解决

Java code

public static void update (Products aProduct)    {        Statement aStatement=null;        String strSQL="UPDATE Products SET";        strSQL+=" ProductName="+"'"+aProduct.getProductName()+"'"+",";        strSQL+=" SupplierID="+aProduct.getSupplierID()+",";        strSQL+=" CategoryID="+aProduct.getCateGoryID()+",";        strSQL+=" QuantityPerUnit="+"'"+aProduct.getQuantityPerUnit()+"'"+",";        strSQL+=" UnitPrice="+aProduct.getUnitPrice()+",";        strSQL+=" UnitsInStock="+aProduct.getUnitsInStock()+",";        strSQL+=" UnitsOnOrder="+aProduct.getUnitsOnOrder()+",";        strSQL+=" ReorderLevel="+aProduct.getReorderLevel()+",";        strSQL+=" Discontinued="+(aProduct.getDiscontinued()?1:0);        strSQL+=" WHERE ProductID="+aProduct.getProductID();        try        {            getDBConnection();            aStatement=aConnection.createStatement();                        aStatement.executeUpdate(strSQL);                    }        catch(SQLException e)        {            JOptionPane.showMessageDialog(null, e.getMessage(),"Error",JOptionPane.ERROR_MESSAGE);                    }        finally        {            closeStatement(aStatement);            closeConnection();            System.out.println(strSQL);        }    }

现在的问题是我想更新数据库里的ProductName="a'b",其中包含"'"单引号无法插入，数据库报错。请问有什么就简单的办法完整特殊字符的转义。

[解决办法]

Java code

public static void update (Products aProduct)    {        PreparedStatement aStatement=null;        String strSQL="UPDATE Products SET";        strSQL+=" ProductName=?,";        strSQL+=" SupplierID=?,";        strSQL+=" CategoryID=?,";        strSQL+=" QuantityPerUnit=?,";        strSQL+=" UnitPrice=?,";        strSQL+=" UnitsInStock=?,";        strSQL+=" UnitsOnOrder=?,";        strSQL+=" ReorderLevel=?,";        strSQL+=" Discontinued=?";        strSQL+=" WHERE ProductID=?";        try        {            getDBConnection();            aStatement=aConnection.preparedStatement(strSQL);            int parameterIndex=1;            aStatement.setString(parameterIndex, aProduct.getProductName());            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getSupplierID());            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getCateGoryID());            parameterIndex++;            aStatement.setString(parameterIndex, aProduct.getQuantityPerUnit());            parameterIndex++;            aStatement.setDouble(parameterIndex, aProduct.getUnitPrice());            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getUnitsInStock());            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getUnitsOnOrder());            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getReorderLevel());            parameterIndex++;            aStatement.setInt(parameterIndex, (aProduct.getDiscontinued()?1:0));            parameterIndex++;            aStatement.setInt(parameterIndex, aProduct.getProductID());            parameterIndex++;            aStatement.executeUpdate();                    }        catch(SQLException e)        {            JOptionPane.showMessageDialog(null, e.getMessage(),"Error",JOptionPane.ERROR_MESSAGE);                    }        finally        {            closeStatement(aStatement);            closeConnection();            System.out.println(strSQL);        }    }

热点排行

J2SE开发

关于JAVA的SQL转义有关问题，请高手来解决