我的 Oracle SQL 语句有什么问题?我不断收到“此处不允许列”错误?
好的,那么我的 SQL*Plus 语句有什么问题吗?据我所知,一切都应该正常工作?
//get parameters from the request
String custID=request.getParameter("cust_ID");
String saleID=request.getParameter("sale_ID");
String firstName=request.getParameter("first_Name");
String mInitial=request.getParameter("mI");
String lastName=request.getParameter("last_Name");
String streetName=request.getParameter("street");
String city=request.getParameter("city");
String state=request.getParameter("state");
String zipCode=request.getParameter("zip_Code");
String DOB=request.getParameter("DOB");
String agentID=request.getParameter("agent_ID");
String homePhone=request.getParameter("home_Phone");
String cellPhone=request.getParameter("cell_Phone");
String profession=request.getParameter("profession");
String employer=request.getParameter("emoployer");
String referrer=request.getParameter("referrer");
stmt.executeUpdate("INSERT INTO customer
(cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
+ " VALUES
(custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");
SQL DDL
CREATE TABLE customer
(cust_ID NUMBER NOT NULL,
sale_ID NUMBER NOT NULL,
first_Name VARCHAR2(30) NOT NULL,
mI VARCHAR2(2) ,
last_Name VARCHAR2(50) NOT NULL,
street_Name VARCHAR2(50) NOT NULL,
city VARCHAR2(30) NOT NULL,
state VARCHAR2(2) NOT NULL,
zip_Code VARCHAR2(5) NOT NULL,
DOB DATE ,
agent_ID NUMBER ,
home_Phone VARCHAR2(12) UNIQUE,
cell_Phone VARCHAR2(12) UNIQUE,
profession VARCHAR2(30) ,
employer VARCHAR2(30) ,
referrer VARCHAR2(30)
);
SQL DML
INSERT INTO customer
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);
INSERT INTO customer
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);
SELECT * FROM customer;
Okay, so what is wrong with my SQL*Plus statement? As far as I can tell everything should be working?
//get parameters from the request
String custID=request.getParameter("cust_ID");
String saleID=request.getParameter("sale_ID");
String firstName=request.getParameter("first_Name");
String mInitial=request.getParameter("mI");
String lastName=request.getParameter("last_Name");
String streetName=request.getParameter("street");
String city=request.getParameter("city");
String state=request.getParameter("state");
String zipCode=request.getParameter("zip_Code");
String DOB=request.getParameter("DOB");
String agentID=request.getParameter("agent_ID");
String homePhone=request.getParameter("home_Phone");
String cellPhone=request.getParameter("cell_Phone");
String profession=request.getParameter("profession");
String employer=request.getParameter("emoployer");
String referrer=request.getParameter("referrer");
stmt.executeUpdate("INSERT INTO customer
(cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
+ " VALUES
(custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");
SQL DDL
CREATE TABLE customer
(cust_ID NUMBER NOT NULL,
sale_ID NUMBER NOT NULL,
first_Name VARCHAR2(30) NOT NULL,
mI VARCHAR2(2) ,
last_Name VARCHAR2(50) NOT NULL,
street_Name VARCHAR2(50) NOT NULL,
city VARCHAR2(30) NOT NULL,
state VARCHAR2(2) NOT NULL,
zip_Code VARCHAR2(5) NOT NULL,
DOB DATE ,
agent_ID NUMBER ,
home_Phone VARCHAR2(12) UNIQUE,
cell_Phone VARCHAR2(12) UNIQUE,
profession VARCHAR2(30) ,
employer VARCHAR2(30) ,
referrer VARCHAR2(30)
);
SQL DML
INSERT INTO customer
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);
INSERT INTO customer
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);
SELECT * FROM customer;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您没有插入变量的值。您正在插入变量名称。
替换
为
请注意,不应使用字符串连接
+将 SQL 字符串中的变量粘合在一起。它将完全受到 SQL 注入攻击。始终使用PreparedStatement。You are not inserting the values of the variables. You are inserting variable names.
Replace
by
Please note that you shouldn't use string concatenation
+to glue the variables together in a SQL string. It would be totally open to SQL injection attacks. UsePreparedStatementall the way.