
Java SQL exception HelpHelpHelpHelpHelpHelpHelpHelpHelp

Popularity: 428   Posted: 2009-09-30 08:21:06.0
public List News(int i, int b)
{
    List list = new ArrayList();
    PreparedStatement pstmt = null;
    DbUtil con = new DbUtil();
    int c = i * b + 1;
    Connection connnection = con.getConn();
    try {
        String sql = "SELECT TOP ? * FROM news WHERE (ID >=(SELECT MAX(ID) FROM (SELECT TOP ? ID FROM news ORDER BY ID) AS T)) ORDER BY ID";
        pstmt = connnection.prepareStatement(sql);
        pstmt.setInt(1, i);
        pstmt.setInt(2, c);
        ResultSet rs = pstmt.executeQuery();
        while (rs.next())
        {
            System.out.println("-----------------OK------------");
            News news = new News();
            String str = rs.getString("title");
            news.setTitle(str);
            System.out.println(str);
            list.add(news);
        }
        connnection.close();
    } catch (Exception ex)
    {
        ex.printStackTrace();
    }
    return list;
}

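It gives this error!!! What is going on? When I replace the ?? with numbers and run the SQL statement in Query Analyzer, I do get results. Could some senior please help this newbie?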
java.sql.SQLException: [Microsoft][ODBC SQL Server Driver][SQL Server]第 1 行: '@P1' 附近有语法错误。
at sun.jdbc.odbc.JdbcOdbc.createSQLException(Unknown Source)
at sun.jdbc.odbc.JdbcOdbc.standardError(Unknown Source)
at sun.jdbc.odbc.JdbcOdbc.SQLExecute(Unknown Source)
at sun.jdbc.odbc.JdbcOdbcPreparedStatement.execute(Unknown Source)
at sun.jdbc.odbc.JdbcOdbcPreparedStatement.executeQuery(Unknown Source)
at com.xinya.dao.NewsInfoDao.News(NewsInfoDao.java:160)

----------------Solution--------------------------------------------------------
upupupup
----------------Solution--------------------------------------------------------
I have never seen ? used like this. Why not try changing it to a stored procedure?
----------------Solution--------------------------------------------------------
public List News(int i, int b)
{
    List list = new ArrayList();
    PreparedStatement pstmt = null;
    DbUtil con = new DbUtil();
    int c = i * b + 1;
    Connection connnection = con.getConn();
    try {
        String sql = "SELECT TOP " + i + " * FROM news WHERE (ID >=(SELECT MAX(ID) FROM (SELECT TOP " + c + " ID FROM news ORDER BY ID) AS T)) ORDER BY ID";
        pstmt = connnection.prepareStatement(sql);
        ......
}

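To keep on schedule, I changed the code to this and it no longer throws the error, but written this way it is open to injection attacks! I still don't understand what exactly was wrong with the earlier code. Can anyone help me, upupupupupupup........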
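
Added example, not code from the thread or from any poster: the driver sends each `?` to the server as a named parameter, so `TOP ?` arrives as `TOP @P1`, which is the syntax error in the stack trace; SQL Server accepts a bound value for TOP only in the parenthesized form `TOP (?)`. This sketch assumes SQL Server 2005 or later; the class and method names and `MAX_PAGE_SIZE` are hypothetical, `news`, `ID` and `title` come from the posted code, and `i`/`b` are assumed to be page size and zero-based page index.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class NewsPaging {
    // Parenthesized TOP takes a bound parameter (assumption: SQL Server 2005+).
    // The statement text is constant, so no caller input ever reaches the SQL parser.
    static final String PAGE_SQL =
        "SELECT TOP (?) title FROM news WHERE ID >= (SELECT MAX(ID) FROM "
      + "(SELECT TOP (?) ID FROM news ORDER BY ID) AS T) ORDER BY ID";
    static final int MAX_PAGE_SIZE = 100; // hypothetical upper bound

    // Row position used by the thread's query: pageSize * pageIndex + 1.
    static int firstRow(int pageSize, int pageIndex) {
        if (pageSize < 1 || pageSize > MAX_PAGE_SIZE || pageIndex < 0) {
            throw new IllegalArgumentException("page parameters out of range");
        }
        // The *Exact methods throw ArithmeticException instead of wrapping around.
        return Math.addExact(Math.multiplyExact(pageSize, pageIndex), 1);
    }

    static List<String> fetchTitles(Connection conn, int pageSize, int pageIndex) throws SQLException {
        int first = firstRow(pageSize, pageIndex); // validate before touching the database
        List<String> titles = new ArrayList<>();
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement ps = conn.prepareStatement(PAGE_SQL)) {
            ps.setInt(1, pageSize);
            ps.setInt(2, first);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString("title"));
                }
            }
        }
        return titles;
    }

    public static void main(String[] args) throws SQLException {
        if (args.length == 0) { // no JDBC URL given: show the statement and a sample offset
            System.out.println(PAGE_SQL + "  -- firstRow(10, 2) = " + firstRow(10, 2));
            return;
        }
        try (Connection conn = DriverManager.getConnection(args[0])) {
            fetchTitles(conn, 10, 2).forEach(System.out::println);
        }
    }
}
```

Run with a JDBC URL as the only argument to query a real server; with no argument it prints the statement text and the computed row offset.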