这是我在java中的sql语句。
//validating for employee no exits in database or not
String importTable = getConfig().getImportTable();
String sql = "update "
+ importTable
+ " set errMsg = case when errMsg is null or errMsg ='' then '' else errMsg + '<br>' end "
+ "+ 'Employeeno doesn't exists in the database.(' + employeeno + ')' "
+ " where employeeno is not null and not exists (select * from uae_empinfo where employee = "
+ importTable + ".cid)";
executeCommand(sql);
这是错误: -
org.springframework.dao.DataIntegrityViolationException: StatementCallback; SQL []; Invalid SQL statement or JDBC escape, terminating ''' not found.; nested exception is java.sql.SQLException: Invalid SQL statement or JDBC escape, terminating ''' not found.
答案 0 :(得分:3)
您的问题是这里有一个嵌入式单引号:
+ "+ 'Employeeno doesn't exists in the database.(' + employeeno + ')' "
// -------------------^
所以你最终得到了不平衡的单引号和无效的SQL。在尝试将其转换为SQL之前,您需要正确转义文本。
答案 1 :(得分:2)
您需要使用PreparedStatement。