我的 Oracle SQL 语句有什么问题?我不断收到“此处不允许列”错误?

发布于 2024-11-01 16:35:45 字数 2673 浏览 4 评论 0原文

好的,那么我的 SQL*Plus 语句有什么问题吗?据我所知,一切都应该正常工作?

   //get parameters from the request
 String custID=request.getParameter("cust_ID");
 String saleID=request.getParameter("sale_ID");
 String firstName=request.getParameter("first_Name");
 String mInitial=request.getParameter("mI");
 String lastName=request.getParameter("last_Name");
 String streetName=request.getParameter("street");
 String city=request.getParameter("city");
 String state=request.getParameter("state");
 String zipCode=request.getParameter("zip_Code");
 String DOB=request.getParameter("DOB");
 String agentID=request.getParameter("agent_ID");
 String homePhone=request.getParameter("home_Phone");
 String cellPhone=request.getParameter("cell_Phone");
 String profession=request.getParameter("profession");
 String employer=request.getParameter("emoployer");
 String referrer=request.getParameter("referrer");

 stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

SQL DDL

   CREATE TABLE customer
       (cust_ID     NUMBER          NOT NULL,
        sale_ID             NUMBER          NOT NULL,
        first_Name      VARCHAR2(30)        NOT NULL,
        mI          VARCHAR2(2)         ,
        last_Name       VARCHAR2(50)        NOT NULL,
        street_Name     VARCHAR2(50)        NOT NULL,
        city            VARCHAR2(30)        NOT NULL,
        state           VARCHAR2(2)     NOT NULL,
        zip_Code        VARCHAR2(5)     NOT NULL,
        DOB         DATE            ,
        agent_ID        NUMBER              ,
        home_Phone      VARCHAR2(12)        UNIQUE,         
        cell_Phone      VARCHAR2(12)        UNIQUE,
        profession      VARCHAR2(30)            ,
        employer        VARCHAR2(30)            ,
        referrer        VARCHAR2(30)            
     );    

SQL DML

INSERT INTO customer 
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);

INSERT INTO customer 
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);

SELECT * FROM customer;  

Okay, so what is wrong with my SQL*Plus statement? As far as I can tell everything should be working?

   //get parameters from the request
 String custID=request.getParameter("cust_ID");
 String saleID=request.getParameter("sale_ID");
 String firstName=request.getParameter("first_Name");
 String mInitial=request.getParameter("mI");
 String lastName=request.getParameter("last_Name");
 String streetName=request.getParameter("street");
 String city=request.getParameter("city");
 String state=request.getParameter("state");
 String zipCode=request.getParameter("zip_Code");
 String DOB=request.getParameter("DOB");
 String agentID=request.getParameter("agent_ID");
 String homePhone=request.getParameter("home_Phone");
 String cellPhone=request.getParameter("cell_Phone");
 String profession=request.getParameter("profession");
 String employer=request.getParameter("emoployer");
 String referrer=request.getParameter("referrer");

 stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

SQL DDL

   CREATE TABLE customer
       (cust_ID     NUMBER          NOT NULL,
        sale_ID             NUMBER          NOT NULL,
        first_Name      VARCHAR2(30)        NOT NULL,
        mI          VARCHAR2(2)         ,
        last_Name       VARCHAR2(50)        NOT NULL,
        street_Name     VARCHAR2(50)        NOT NULL,
        city            VARCHAR2(30)        NOT NULL,
        state           VARCHAR2(2)     NOT NULL,
        zip_Code        VARCHAR2(5)     NOT NULL,
        DOB         DATE            ,
        agent_ID        NUMBER              ,
        home_Phone      VARCHAR2(12)        UNIQUE,         
        cell_Phone      VARCHAR2(12)        UNIQUE,
        profession      VARCHAR2(30)            ,
        employer        VARCHAR2(30)            ,
        referrer        VARCHAR2(30)            
     );    

SQL DML

INSERT INTO customer 
VALUES (primary_ID.nextval,17,'Kito','M','Bradford','123 DeLancy Lane','Wabash','TX','12345','01-JAN-69',1,'222-222-2222','301-555-6874','software engineer','HPL', NULL);

INSERT INTO customer 
VALUES (primary_ID.nextval,18,'Morpheus',' ','Smith','1289 Matrix Lane','Idaho', 'NE', '45678','06-JUN-72',2,'321-654-9877','258-852-9635','doctor', 'The OC', NULL);

SELECT * FROM customer;  

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

々眼睛长脚气 2024-11-08 16:35:45

您没有插入变量的值。您正在插入变量名称。

替换

stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

preparedStatement = connection.prepareStatement("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
preparedStatement.setLong(1, Long.valueOf(custID));
preparedStatement.setLong(2, Long.valueOf(saleID));
preparedStatement.setString(3, firstName);
// ...
preparedStatement.executeUpdate();

请注意,不应使用字符串连接 + 将 SQL 字符串中的变量粘合在一起。它将完全受到 SQL 注入攻击。始终使用PreparedStatement。

You are not inserting the values of the variables. You are inserting variable names.

Replace

stmt.executeUpdate("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (custID, saleID, firstName, mInitial, lastName, streetName, city, state, zipCode, DOB, agentID, homePhone, cellPhone, profession, employer, referrer)");

by

preparedStatement = connection.prepareStatement("INSERT INTO customer 
                         (cust_ID, sale_ID, first_Name, mI, last_Name, street_Name, city, state, zip_Code, DOB, agent_ID, home_Phone, cell_Phone, profession, employer, referrer)"
                    + " VALUES 
                         (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
preparedStatement.setLong(1, Long.valueOf(custID));
preparedStatement.setLong(2, Long.valueOf(saleID));
preparedStatement.setString(3, firstName);
// ...
preparedStatement.executeUpdate();

Please note that you shouldn't use string concatenation + to glue the variables together in a SQL string. It would be totally open to SQL injection attacks. Use PreparedStatement all the way.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文