这种方式对这个问题的回答似乎很难在互联网上找到。基本上我使用PreparedStatement将值插入MySQL数据库。我使用PreparedStatement来转义数据以防止SQL注入攻击。问题是,现在有办法撤销这些密钥。
This answer to this question done this way seems to be very difficult to find on the internet. Basically I am inserting values into a MySQL database using PreparedStatement. I use the PreparedStatement to escape the data to prevent SQL Injection attacks. The problem is, there is now way retreving those keys.
String query="Insert INTO Table_A(name, age) (?, ?)"; //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape PreparedStatement prest; prest = con.prepareStatement(query); prest.setString(1,"abc"); prest.setInt(2,123); prest.executeUpdate(); //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error //prest.executeQuery(); Throws an error那么如何在Java中转义输入并使用PreparedStatements?
So how can I escape input and use PreparedStatements in Java?
推荐答案在 prepareStatement()$ c中传递 Statement.RETURN_GENERATED_KEYS $ c>以及您的查询。然后使用 PreparedStatement 的getGeneratedKeys()来获取包含插入的auto_incremented_id的ResultSet。
pass Statement.RETURN_GENERATED_KEYS in prepareStatement() along with your query. And then use getGeneratedKeys() of PreparedStatement to get the ResultSet containing your inserted auto_incremented_id.
String query="Insert INTO Table_A(name, age) (?, ?)"; //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape PreparedStatement prest; prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS); prest.setString(1,"abc"); prest.setInt(2,123); prest.executeUpdate(); //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error //prest.executeQuery(); Throws an error ResultSet rs = prest.getGeneratedKeys(); if(rs.next()) { int last_inserted_id = rs.getInt(1); }更多推荐
Java PreparedStatement检索最后插入的ID
发布评论