Using Update statement with MS Access 2010 database in JAVA

问题

Hi I am developing a small application for insurance domain. I am getting an error when I am using the update statement in my program.

The error is net.ucanaccess.jdbc.UcanaccessSQLException: unexpected token: HALF java.lang.NullPointerException

The code is

btnUpdate = new JButton("UPDATE");
btnUpdate.setMnemonic('U');
btnUpdate.setFont(new Font("Times New Roman", Font.BOLD, 11));
GridBagConstraints gbc_btnUpdate = new GridBagConstraints();
gbc_btnUpdate.insets = new Insets(0, 0, 5, 5);
gbc_btnUpdate.gridx = 3;
gbc_btnUpdate.gridy = 3;
contentPane.add(btnUpdate, gbc_btnUpdate);
btnUpdate.setVisible(false);
btnUpdate.addActionListener(new ActionListener() {
    @Override
    public void actionPerformed(ActionEvent ae) {
        Statement stmt = null;
        ResultSet rset = null;
        Calendar currcal = Calendar.getInstance();
        SimpleDateFormat df;
        df = new SimpleDateFormat("dd-MM-yyyy");
        Date getcurrdate = currcal.getTime();
        String currdate = df.format(getcurrdate);       
        System.out.println(getModeID + "," + getModeofPaymentDescription + "," + getModeofPaymentType + "," + currdate);
        try {
            getModeofPaymentDescription=txt_Mode_Of_Payment_Description.getText().toUpperCase();
            getModeofPaymentType=txt_Mode_Of_Payment_Type.getText().toUpperCase();

            stmt = dbcon.DB_Connection("//F://eclipse_Luna_64_Development_Workspace//ProjectJAVA//LIC_AGENCY_TRACKER//DATABASE//LIC_DATA_TRACKER.accdb").createStatement();
            stmt.executeUpdate("update Mode_Of_Payment_Profile set Mode_Of_Payment_Profile_Type='" + getModeofPaymentType + "'"
                            + "',Mode_Of_Payment_Profile_Description='" + getModeofPaymentDescription + "',Mode_Of_Payment_Profile_Creation_Date='" + currdate + "'"
                            + " where Mode_Of_Payment_Profile_ID='" + getModeID + "'");
        } catch (Exception e) {
            //JOptionPane.showMessageDialog(null, "Database Error", "Error Message", JOptionPane.OK_OPTION);
            System.out.println(e);
        }

        txt_Mode_Of_Payment_Description.setText("");
        txt_Mode_Of_Payment_Type.setText("");
        btnAdd.setEnabled(true);
        btnModify.setVisible(true);
        btnUpdate.setVisible(false);
        txt_Mode_Of_Payment_Description.requestFocus();

        try {
            stmt.close();
            rset.close();
            dbcon.DB_Connection("//F://eclipse_Luna_64_Development_Workspace//Project JAVA//LIC_AGENCY_TRACKER//DATABASE//LIC_DATA_TRACKER.accdb").close();
        } catch (Exception e) {
            System.out.println(e);
        }
    }
});

回答1:

You have a typo in the lines building your SQL string.

There's a single quote at the end of the line where you're inserting a value for ModeofPaymentType:

"update Mode_Of_Payment_Profile set Mode_Of_Payment_Profile_Type='"+getModeofPaymentType+"'"

The following line starts with

+ "',Mode_Of_Payment_Profile_Description='"

resulting in an extra single quote getting inserted after your modeofPaymentType value. The resulting SQL will look like

update Mode_Of_Payment_Profile set Mode_Of_Payment_Profile_Type='mode'',Mode_Of_Payment_Profile_Description='FOO'
,Mode_Of_Payment_Profile_Creation_Date='15-07-2015'
where Mode_Of_Payment_Profile_ID='someid'

The two adjacent single-quotes get treated as an escaped single-quote, so the parser thinks the literal string is "mode',Mode_Of_Payment_Profile_Description=", then it thinks the next token is whatever value you're passing in for Mode_Of_Payment_Profile_Description.

If you were to replace use of java.sql.Statement with java.sql.PreparedStatement then your update could look like this:

String connectParams = "//F://eclipse_Luna_64_Development_Workspace//Project JAVA//LIC_AGENCY_TRACKER//DATABASE//LIC_DATA_TRACKER.accdb";
Connection connection = dbcon.DB_Connection(connectParams);
PreparedStatement ps = connection.prepareStatement(
    "update Mode_Of_Payment_Profile set" 
    + " Mode_Of_Payment_Profile_Type=?"
    + ", Mode_Of_Payment_Profile_Description=?"
    + ", Mode_Of_Payment_Profile_Creation_Date=?"
    + " where Mode_Of_Payment_Profile_ID=?");
ps.setString(1, getModeofPaymentType);
ps.setString(2, getModeofPaymentDescription);
ps.setString(3, currdate); 
ps.setString(4, getModeID);

This way you don't have to do error-prone things like inserting arguments using string concatenation and handling the quoting yourself. It reduces the opportunities for SQL injection (since the PreparedStatement will look out for embedded escape characters) and is more readable.

来源：https://stackoverflow.com/questions/31435940/using-update-statement-with-ms-access-2010-database-in-java