问题
This answer to this question done this way seems to be very difficult to find on the internet. Basically I am inserting values into a MySQL database using PreparedStatement. I use the PreparedStatement to escape the data to prevent SQL Injection attacks. The problem is, there is now way retreving those keys.
String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error
So how can I escape input and use PreparedStatements in Java?
回答1:
pass Statement.RETURN_GENERATED_KEYS in prepareStatement() along with your query. And then use getGeneratedKeys() of PreparedStatement to get the ResultSet containing your inserted auto_incremented_id.
String query="Insert INTO Table_A(name, age) (?, ?)";
//String query="Insert INTO Table_A(name, age) ('abc','123' )";//Doesn't escape
PreparedStatement prest;
prest = con.prepareStatement(query, Statement.RETURN_GENERATED_KEYS);
prest.setString(1,"abc");
prest.setInt(2,123);
prest.executeUpdate();
//prest.executeUpdate(query, PreparedStatement.RETURN_GENERATED_KEYS); Throws an error
//prest.executeQuery(); Throws an error
ResultSet rs = prest.getGeneratedKeys();
if(rs.next())
{
int last_inserted_id = rs.getInt(1);
}
回答2:
Use java.sql.ResultSet java.sql.Statement.getGeneratedKeys() to retrieve your generated keys.
回答3:
If you can't use RETURN_GENERATED_KEYS, use another statement (a query this time) to do
SELECT last_insert_id()
Make sure that you definitely have an auto-increment primary key column in that table.
来源:https://stackoverflow.com/questions/5513180/java-preparedstatement-retrieving-last-inserted-id