Here's my code. What's wrong with my code? Please help

    // imports this method relies on (the rest of the class is not shown)
    import java.awt.event.ActionEvent;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.SQLException;
    import java.sql.Statement;
    import javax.swing.JOptionPane;

    public void actionPerformed(ActionEvent e) {
        if (e.getSource().equals(save)) { // the save button
            try {
                // connection string
                Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/PizzaOrders");
                Statement st = con.createStatement();
                // builds the INSERT by concatenating the raw text of every form field into the SQL string
                st.executeUpdate("insert into Register VALUES('"
                    + CustomerID.getText() + "','" + fname.getText() + "','"
                    + lname.getText() + "','" + telnum.getText()
                    + "','" + city.getText() + "','" + zcode.getText()
                    + "','" + status.getText() + "','" + creditcard.getText()
                    + "','" + orderdate.getText() + "','" + deliveryfee.getText()
                    + "','" + quantity.getText() + "','"
                    + itemcost.getText() + "','" + TotalCost.getText() + "')");
                JOptionPane.showConfirmDialog(null, "Orders saved!",
                    "Result", JOptionPane.DEFAULT_OPTION,
                    JOptionPane.PLAIN_MESSAGE);
                st.close();
                con.close();
            } catch (SQLException err) {
                err.printStackTrace();
            }
        }
    }
Solution

!!!!DO NOT USE CONCATENATION TO FORM AN SQL STATEMENT!!!!
!!!!!ESPECIALLY WITH TEXT VALUES ENTERED BY THE USER!!!!!
Find out how to use a parameterized query in your framework.
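As an added illustration of that advice (my own example, not code from the question or the answer), here is the same insert written with a JDBC PreparedStatement. The column names and the numeric types for quantity, deliveryfee, itemcost and TotalCost are assumptions based on the form field names; the page only shows a 13-value insert into Register. With placeholders, the values travel to the driver separately from the SQL text, so a name like O'Brien is stored as-is instead of breaking the statement, and no user-typed text is ever interpreted as SQL.

```java
import java.awt.event.ActionEvent;
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.swing.JOptionPane;

public class RegisterDao {

    // Column names are assumed from the form field names; the original page does not list them.
    // Each ? is a bind parameter: the driver sends the value separately from the SQL text, so
    // quotes, semicolons or comment markers inside a value cannot change the statement.
    private static final String INSERT_SQL =
        "INSERT INTO Register (CustomerID, fname, lname, telnum, city, zcode, status, creditcard, "
      + "orderdate, deliveryfee, quantity, itemcost, TotalCost) "
      + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    /** Plain value object for one row; all text comes straight from the form fields. */
    public static final class Order {
        public String customerId, fname, lname, telnum, city, zcode, status, creditcard, orderdate;
        public BigDecimal deliveryfee, itemcost, totalCost; // assumed DECIMAL columns
        public int quantity;                                // assumed INT column
    }

    /** Inserts one row and returns the update count (1 on success). */
    public static int saveOrder(Connection con, Order o) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            ps.setString(1, o.customerId);
            ps.setString(2, o.fname);      // "O'Brien" is stored intact, quote and all
            ps.setString(3, o.lname);
            ps.setString(4, o.telnum);
            ps.setString(5, o.city);
            ps.setString(6, o.zcode);
            ps.setString(7, o.status);
            ps.setString(8, o.creditcard);
            ps.setString(9, o.orderdate);
            ps.setBigDecimal(10, o.deliveryfee);
            ps.setInt(11, o.quantity);
            ps.setBigDecimal(12, o.itemcost);
            ps.setBigDecimal(13, o.totalCost);
            return ps.executeUpdate();
        }
    }

    /**
     * Converts the numeric fields up front so a typo in the form is reported to the user
     * instead of reaching the database; NumberFormatException is thrown on bad input.
     */
    public static Order fromFormText(String customerId, String fname, String lname, String telnum,
                                     String city, String zcode, String status, String creditcard,
                                     String orderdate, String deliveryfee, String quantity,
                                     String itemcost, String totalCost) {
        Order o = new Order();
        o.customerId = customerId; o.fname = fname; o.lname = lname; o.telnum = telnum;
        o.city = city; o.zcode = zcode; o.status = status; o.creditcard = creditcard;
        o.orderdate = orderdate;
        o.deliveryfee = new BigDecimal(deliveryfee.trim());
        o.quantity = Integer.parseInt(quantity.trim());
        o.itemcost = new BigDecimal(itemcost.trim());
        o.totalCost = new BigDecimal(totalCost.trim());
        return o;
    }

    // How the save button handler from the question would use it (field names as in the question).
    // try-with-resources closes the connection even when the insert throws, which the original
    // code's st.close()/con.close() after the update did not guarantee.
    public void actionPerformed(ActionEvent e) {
        if (!e.getSource().equals(save)) return;
        try (Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/PizzaOrders")) {
            Order o = fromFormText(CustomerID.getText(), fname.getText(), lname.getText(),
                telnum.getText(), city.getText(), zcode.getText(), status.getText(),
                creditcard.getText(), orderdate.getText(), deliveryfee.getText(),
                quantity.getText(), itemcost.getText(), TotalCost.getText());
            saveOrder(con, o);
            JOptionPane.showMessageDialog(null, "Orders saved!", "Result", JOptionPane.PLAIN_MESSAGE);
        } catch (NumberFormatException bad) {
            JOptionPane.showMessageDialog(null, "Quantity and costs must be numbers.", "Error",
                JOptionPane.ERROR_MESSAGE);
        } catch (SQLException err) {
            err.printStackTrace();
        }
    }
}
```

Two design points worth noting: the SQL string is a constant with no runtime pieces in it, so a reviewer can see at a glance that nothing user-controlled is ever concatenated into it; and parsing the numeric fields before the insert gives the user a clear error rather than a driver exception, while also guaranteeing that what reaches MySQL for those columns is a number and not arbitrary text.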