How do I write a prepared statement properly?

How can I turn this into a prepared statement?

    Statement stmt = con.createStatement();
    long lastid = getLastId(stmt);
    // create a SQL query
    String strQuery = "INSERT INTO studenten "
        + " (id, naam, adres, postcode, plaats, geboren) "
        + " VALUES ("
        + (lastid+1) + ","
        + "'" + contact.getNaam() + "',"
        + "'" + contact.getAdres() + "',"
        + "'" + contact.getPostcode() + "',"
        + "'" + contact.getPlaats() + "',"
        + "{d '" + contact.getGeboren() + "'}"
        + ") ";
    stmt.executeUpdate(strQuery);
    stmt.close();
    con.close();

You need to replace the values with a question mark ? as placeholder.

    String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
        + " VALUES (?, ?, ?, ?, ?, ?)";
    Connection connection = null;
    PreparedStatement statement = null;
    try {
        connection = database.getConnection();
        statement = connection.prepareStatement(sql);
        // Parameter indices are 1-based and refer to the ? placeholders in order.
        statement.setLong(1, lastId + 1); // Why don't you use a generated sequence? This is plain ugly and error-prone.
        statement.setString(2, contact.getNaam());
        statement.setString(3, contact.getAdres());
        statement.setString(4, contact.getPostcode());
        statement.setString(5, contact.getPlaats());
        statement.setDate(6, new java.sql.Date(contact.getGeboren().getTime())); // Assuming it returns java.util.Date
        statement.executeUpdate();
    } finally {
        // Always close in finally to prevent resource leaks.
        if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
        if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
    }

See also:

  • JDBC tutorial – Using Prepared Statements

Here is a better way:

    String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
        + " VALUES (?, ?, ?, ?, ?, ?)";
    try {
        connection = database.getConnection();
        statement = connection.prepareStatement(sql);
        statement.setLong(1, your_id_value);
        statement.setString(2, contact.getNaam());
        statement.setString(3, contact.getAdres());
        statement.setString(5, contact.getPlaats()); // order doesn't matter now: you give the index of the parameter
        statement.setString(4, contact.getPostcode());
        statement.setDate(6, new java.sql.Date(contact.getGeboren().getTime())); // setDate expects java.sql.Date
        statement.executeUpdate(); // or System.out.println(statement.executeUpdate()) to see how many rows are affected by this query
        statement.close();
    } catch (java.sql.SQLException sql_exception) {
        // you can see what goes wrong here with your statement
        sql_exception.printStackTrace();
    }
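The two answers above show the same move: the values leave the SQL text and become indexed parameters. The complete class below is an added example, not code from either answer or from the original question; it puts the pieces together against the `studenten` table from the question. The `Contact` class, the `nextId` helper (a `MAX(id)+1` stand-in for the page's `getLastId()`), the sample row and the JDBC URL are all constructed for the example; a JDBC driver for the target database must be on the classpath. Closing is done with try-with-resources, which is the modern form of the `finally` block in the first answer, and the date goes through `java.sql.Date` so no `{d '...'}` escape is needed.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.time.LocalDate;

public class StudentInsert {

    // Constructed stand-in for the page's "contact" object (hypothetical).
    static final class Contact {
        final String naam, adres, postcode, plaats;
        final LocalDate geboren;
        Contact(String naam, String adres, String postcode, String plaats, LocalDate geboren) {
            this.naam = naam; this.adres = adres; this.postcode = postcode;
            this.plaats = plaats; this.geboren = geboren;
        }
    }

    // Placeholders instead of concatenated values: the SQL text is fixed at compile time,
    // so whatever a value contains is sent as data and never parsed as SQL.
    private static final String INSERT_SQL =
        "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
        + " VALUES (?, ?, ?, ?, ?, ?)";

    // Reads MAX(id) so the example does not depend on the page's getLastId(); a database
    // sequence or identity column is the safer choice, as the comment in the first answer notes.
    static long nextId(Connection con) throws SQLException {
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery("SELECT COALESCE(MAX(id), 0) FROM studenten")) {
            rs.next();
            return rs.getLong(1) + 1;
        }
    }

    /** Inserts one row and returns the JDBC update count (1 on success). */
    static int insertStudent(Connection con, Contact c) throws SQLException {
        long id = nextId(con);
        // try-with-resources closes the statement even when executeUpdate throws,
        // which is what the explicit finally block in the first answer does by hand.
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            // Each setter names its 1-based placeholder index; the order of the calls is irrelevant.
            ps.setLong(1, id);
            ps.setString(2, c.naam);     // an apostrophe inside the name is just part of the value
            ps.setString(3, c.adres);
            ps.setString(4, c.postcode);
            ps.setString(5, c.plaats);
            ps.setDate(6, Date.valueOf(c.geboren)); // java.sql.Date built from LocalDate
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Placeholder URL; pass the real one as the first argument.
        String url = args.length > 0 ? args[0] : "jdbc:YOUR_DRIVER://HOST/DB";
        // Constructed sample row: the apostrophe would break the concatenated query from the question.
        Contact sample = new Contact("Jan O'Brien", "Kerkstraat 1", "1234 AB", "Utrecht",
                                     LocalDate.of(2001, 5, 17));
        try (Connection con = DriverManager.getConnection(url)) {
            con.setAutoCommit(false);        // id lookup and insert happen in one transaction
            int rows = insertStudent(con, sample);
            con.commit();
            System.out.println("rows inserted: " + rows);
        }
    }
}
```

Run it as `java StudentInsert <jdbc-url>` with the driver on the classpath. The sample name contains a single quote on purpose: with the concatenated query from the question that row would either fail with a syntax error or, with a crafted value, change the meaning of the statement; with placeholders it is stored as written. The `MAX(id)+1` lookup is still racy under concurrent inserts, which is why the first answer recommends a generated sequence.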