問題描述
Праблема з заявай аб абнаўленні Java (Java Update statement issue)
I am trying to update the SSN for a customer by searching for them based on the old SSN then updating it. What am I missing? This will not return a result even though i know i have matches for ssNum in the database. Thanks.
String query = "UPDATE Customers SET ss_num = ('" + updateSsn
+ "') WHERE ss_num = ('" + ssNum + "')";
‑‑‑‑‑
參考解法
方法 1:
That type of query is unsafe (vulnerable to SQL injection). Write your query as follows and use PreparedStatement:
String query = "UPDATE Customers SET ss_num = ? WHERE ss_num = ?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, updateSsn);
ps.setString(2, ssnNum);
方法 2:
you need to use executeUpdate() method, which doesn't return ResultSet, but it will return numberOfRowsUpdated
Use PreparedStatement instead
(by Gluons、Bhesh Gurung、jmj)