About generic escape characters in JDBC?!

Time: 2006-07-23
If a string is stored in the database as
[code:1] |"test"|
[/code:1]
No matter how I escape it with JDBC, I get a syntax error. I am using mysql4.1, mysql-jdbc-connector-3.0.
What I wrote:
[code:1] ResultSet rs=stm.executeQuery("select * from a where name='\"test \"' s");[/code:1]
Error:
[code:1]Exception in thread "main" java.sql.SQLException: Syntax error or access violati
on message from server: "You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near '
s' at line 1"
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:1997)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1167)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1278)
at com.mysql.jdbc.MysqlIO.sqlQuery(MysqlIO.java:1224)
at com.mysql.jdbc.Connection.execSQL(Connection.java:2244)
at com.mysql.jdbc.Connection.execSQL(Connection.java:2192)
at com.mysql.jdbc.Statement.executeQuery(Statement.java:1163)
at lyo.hotmail.test.Test.main(Test.java:48)[/code:1]

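Escaping with single quotes doesn't work either! Is there really no way to query a double-quoted string in the database?
I saw an article online saying that JDBC provides a generic escaping method: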
http://www.jguru.com/faq/view.jsp?EID=8881
Quote:

An example of this is if you want to issue the following SQL command:


SELECT * FROM BIRDS
WHERE SPECIES='Williamson's Sapsucker'

In this case, the apostrophe in "Williamson's" is going to cause a problem for the database because SQL will interpret it as a string delimiter. It is not good enough to use the C-style escape \', because that substitution would be made by the Java compiler before the string is sent to the database.

Different flavors of SQL provide different methods to deal with this situation. JDBC abstracts these methods and provides a solution that works for all databases. With JDBC you could write the SQL as follows:

Statement statement = // obtain reference to a Statement
statement.executeQuery(
"SELECT * FROM BIRDS WHERE SPECIES='Williamson/'s Sapsucker' {escape '/'}");

The clause in curly braces, namely {escape '/'}, is special syntax used to inform JDBC drivers what character the programmer has chosen as an escape character. The forward slash used as the SQL escape has no special meaning to the Java compiler; this escape sequence is interpreted by the JDBC driver and translated into database-specific SQL before the SQL command is issued to the database.


But using his method also gives an error, and I don't know what is going on. Has anyone looked into the question of generic JDBC escaping?
   
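Time: 2006-07-23
??? It seems this forum doesn't handle escape characters properly either :)
The double quotes on both sides of the test I wrote were not escaped!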
   
Time: 2006-07-24
Use PrepareStatement
   
Time: 2006-07-24
baichenhong wrote:
Use PrepareStatement


I know that using this avoids the problem, but what puzzles me is that this code from that article can actually run?
[code:1]
Statement statement = // obtain reference to a Statement
statement.executeQuery(
"SELECT * FROM BIRDS WHERE SPECIES='Williamson/'s Sapsucker' {escape '/'}"); [/code:1]

Also, if I use PrepareStatement, will JDBC do the special escaping according to the particular database?
   
Time: 2006-07-24
ResultSet rs=stm.executeQuery("select * from a where name='\"test \"' s");
This statement of yours clearly has an extra character s outside the single quotes.
   
Time: 2006-07-26
dwangel wrote:
ResultSet rs=stm.executeQuery("select * from a where name='\"test \"' s");
This statement of yours clearly has an extra character s outside the single quotes.


I already know about that problem; what I am asking about now is the following from the question:
[code:1]Statement statement = // obtain reference to a Statement
statement.executeQuery(
"SELECT * FROM BIRDS WHERE SPECIES='Williamson/'s Sapsucker' {escape '/'}");[/code:1]
What does it mean?
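
An added example, not part of the thread or the quoted article: it shows the PreparedStatement approach suggested above for values that contain quotes, and the `{escape '/'}` clause in the role the JDBC escape syntax defines for it, which is naming the escape character for LIKE wildcards. Assumptions: `args[0]` is a JDBC URL for a scratch database whose driver is on the classpath, and the table name `escape_demo` is hypothetical.

```java
import java.sql.*;

// Added example, not code from the thread. Assumptions: args[0] is a JDBC URL
// for a scratch database whose driver is on the classpath; the table name
// escape_demo is hypothetical.
public class EscapeDemo {
    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(args[0])) {
            try (Statement ddl = con.createStatement()) {
                ddl.executeUpdate("CREATE TABLE escape_demo (name VARCHAR(64))");
            }
            // Constructed sample values containing quotes and LIKE wildcards.
            String[] rows = {"\"test\"", "Williamson's Sapsucker", "100%", "1000"};
            try (PreparedStatement ins =
                     con.prepareStatement("INSERT INTO escape_demo (name) VALUES (?)")) {
                for (String r : rows) {
                    ins.setString(1, r);   // value is bound, never spliced into the SQL text
                    ins.executeUpdate();
                }
            }
            // 1) Quotes in the value need no escaping when bound as a parameter.
            print(con, "SELECT name FROM escape_demo WHERE name = ?", "\"test\"");
            print(con, "SELECT name FROM escape_demo WHERE name = ?", "Williamson's Sapsucker");
            // 2) {escape '/'} names the LIKE escape character: "/%" is a literal
            //    percent sign, so this matches "100%" but not "1000".
            print(con, "SELECT name FROM escape_demo WHERE name LIKE ? {escape '/'}", "100/%");
            // Without the escape clause, % is a wildcard: matches "100%" and "1000".
            print(con, "SELECT name FROM escape_demo WHERE name LIKE ?", "100%");
            try (Statement ddl = con.createStatement()) {
                ddl.executeUpdate("DROP TABLE escape_demo");
            }
        }
    }

    // Runs one single-parameter query and prints every matching name.
    static void print(Connection con, String sql, String arg) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, arg);
            try (ResultSet rs = ps.executeQuery()) {
                System.out.println(sql + "  [" + arg + "]");
                while (rs.next()) System.out.println("    -> " + rs.getString(1));
            }
        }
    }
}
```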
   