JavaPreparedStatement检索最后插入的ID

发布于 2024-10-28 21:59:08 字数 594 浏览 2 评论 0原文

以这种方式完成的这个问题的答案似乎很难在互联网上找到。基本上我使用PreparedStatement 将值插入MySQL 数据库。我使用PreparedStatement 转义数据以防止SQL 注入攻击。问题是，现在有办法检索这些密钥。

String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error

那么如何在 Java 中转义输入并使用 PreparedStatements 呢？

原文

This answer to this question done this way seems to be very difficult to find on the internet. Basically I am inserting values into a MySQL database using PreparedStatement. I use the PreparedStatement to escape the data to prevent SQL Injection attacks. The problem is, there is now way retreving those keys.

String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error

So how can I escape input and use PreparedStatements in Java?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

静若繁花 2024-11-04 21:59:08

将 prepareStatement() 中的 Statement.RETURN_GENERATED_KEYS 与您的查询一起传递。然后使用PreparedStatement的getGenerateKeys()来获取包含插入的auto_incremented_id的ResultSet。

String query="Insert INTO Table_A(name, age) (?, ?)";
                //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
                PreparedStatement prest;
                prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
                prest.setString(1,"abc");
                prest.setInt(2,123);
                prest.executeUpdate();
                //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
                //prest.executeQuery(); Throws an error
                ResultSet rs = prest.getGeneratedKeys();
                if(rs.next())
                {
                    int last_inserted_id = rs.getInt(1);
                }

pass Statement.RETURN_GENERATED_KEYS in prepareStatement() along with your query. And then use getGeneratedKeys() of PreparedStatement to get the ResultSet containing your inserted auto_incremented_id.

String query="Insert INTO Table_A(name, age) (?, ?)";
                //String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
                PreparedStatement prest;
                prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
                prest.setString(1,"abc");
                prest.setInt(2,123);
                prest.executeUpdate();
                //prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
                //prest.executeQuery(); Throws an error
                ResultSet rs = prest.getGeneratedKeys();
                if(rs.next())
                {
                    int last_inserted_id = rs.getInt(1);
                }

回复收藏 0 原文