Java PreparedStatement检索最后插入的ID

本文介绍了Java PreparedStatement检索最后插入的ID的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

这种方式对这个问题的回答似乎很难在互联网上找到。基本上我使用PreparedStatement将值插入MySQL数据库。我使用PreparedStatement来转义数据以防止SQL注入攻击。问题是，现在有办法撤销这些密钥。

This answer to this question done this way seems to be very difficult to find on the internet. Basically I am inserting values into a MySQL database using PreparedStatement. I use the PreparedStatement to escape the data to prevent SQL Injection attacks. The problem is, there is now way retreving those keys.

String query="Insert INTO Table_A(name, age) (?, ?)"; //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape PreparedStatement prest; prest = con.prepareStatement(query); prest.setString(1,"abc"); prest.setInt(2,123); prest.executeUpdate(); //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error //prest.executeQuery(); Throws an error

那么如何在Java中转义输入并使用PreparedStatements？

So how can I escape input and use PreparedStatements in Java?

推荐答案

在 prepareStatement（）以及您的查询。然后使用 PreparedStatement 的getGeneratedKeys（）来获取包含插入的auto_incremented_id的ResultSet。

pass Statement.RETURN_GENERATED_KEYS in prepareStatement() along with your query. And then use getGeneratedKeys() of PreparedStatement to get the ResultSet containing your inserted auto_incremented_id.

String query="Insert INTO Table_A(name, age) (?, ?)"; //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape PreparedStatement prest; prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS); prest.setString(1,"abc"); prest.setInt(2,123); prest.executeUpdate(); //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error //prest.executeQuery(); Throws an error ResultSet rs = prest.getGeneratedKeys(); if(rs.next()) { int last_inserted_id = rs.getInt(1); }