MySQL error in Java servlet


I'm trying to learn simple database connections using Java servlets. My code should take the form data, check the table and create it if it hasn't been created, add the data to the table, check whether the delete checkbox is checked and, if it is, drop the table, and finally return to the index page.

I get an error message in glassfish (somehow it's in French, the language is English).

Here is my servlet.

Handler servlet:

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class tilausServlet extends HttpServlet {

tietokantaYhteysJava myconnection = new tietokantaYhteysJava();
String tiedot02 = null;
String tiedot03 = null;
String tiedot04 = null;
String poista = null;

private void readFormData(HttpServletRequest request, HttpServletResponse response) throws SQLException {
    tiedot02 = request.getParameter("tiedot02");
    tiedot03 = request.getParameter("tiedot03");
    tiedot04 = request.getParameter("tiedot04");

    if(request.getParameter("poista")!=null){

        myconnection.poistaTaulu();

    }

}

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException, SQLException {
    response.setContentType("text/html;charset=UTF-8");
    myconnection.initDatabaseConnection();
    readFormData(request, response);
    boolean result = false;
    PrintWriter temp = response.getWriter();
    try {
        result = myconnection.writeToDB(tiedot02, tiedot03, tiedot04, request);
        if (result==true){                                
            RequestDispatcher rd=request.getRequestDispatcher("/index.html");
            rd.forward(request, response);

        }
        else{
            temp.println("Tulostus, jos tietokantakirjoitus palauttaa arvon: False");
        }


    } catch (NoSuchAlgorithmException ex) {
        Logger.getLogger(tilausServlet.class.getName()).log(Level.SEVERE, null, ex);
    } catch (UnsupportedEncodingException ex) {
        Logger.getLogger(tilausServlet.class.getName()).log(Level.SEVERE, null, ex);
    }
}
} // closing brace of tilausServlet (missing in the original listing)
Database connection servlet:

import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class tietokantaYhteysJava {
   HttpServletResponse commonResponse = null;
   HttpServletRequest commonRequest = null;
   PrintWriter commonOut =null;

   static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";  
   static final String DB_URL = "jdbc:mysql://localhost/kanta01";

   static final String USER = "root";
   static final String PASS = "";
   private Statement stmt = null;
   private Connection conn = null;


   public Statement getstmt(){
       if(stmt==null){
          initDatabaseConnection();
          return this.stmt;
       }       
       return this.stmt;
   }
   public Connection getconn(){
       return this.conn;
   }

    protected void initDatabaseConnection(){

        try{
            Class.forName(JDBC_DRIVER);

            conn = DriverManager.getConnection(DB_URL,USER,PASS);

            stmt = conn.createStatement();

            String sql = "CREATE TABLE IF NOT EXISTS `tiedot` (" +
            "  `ID` int(50) NOT NULL AUTO_INCREMENT,\n" +
            "  `tiedot02` text NOT NULL,\n" +
            "  `tiedot03` text NOT NULL,\n" +
            "  `tiedot04` text NOT NULL,\n" +
            "  `aikaleima` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n" +
            "  PRIMARY KEY (`ID`)\n" +
            ")"; // closing parenthesis of CREATE TABLE was missing in the original listing

            stmt.executeUpdate(sql);

            System.out.println("Taulu luotu");

            if (conn.isClosed()){
                System.out.println("yhteys ei onnistunut");
            }else{
                System.out.println("yhteys onnistui");
            }          
        }
        catch(SQLException | ClassNotFoundException se){
            System.out.println(se.toString());
        }

   }

    public void poistaTaulu() throws SQLException{

        stmt = conn.createStatement();

        String sql3 = "DROP TABLE tiedot";

        stmt.executeUpdate(sql3);

    }

    protected boolean writeToDB(String tiedot02, String tiedot03, String tiedot04, HttpServletRequest request) throws NoSuchAlgorithmException, UnsupportedEncodingException{
        try{

            stmt = conn.createStatement();

            // Form values are concatenated straight into the SQL text without quotes;
            // this is the statement the answer below corrects.
            String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ("+tiedot02+", "+tiedot03+", "+tiedot04+")";

            stmt.executeUpdate(sql2);

            System.out.println("Tiedot lisätty");                       
            return true;                      

        }catch (SQLException ex){
            System.out.println("Virhe: "+ex.toString());
            return false;
        } 
    }


}

There is an error in the insert statement: the string fields are missing quotes:

String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ("+tiedot02+", "+tiedot03+", "+tiedot04+")";
It should be:

String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ('"+tiedot02+"', '"+tiedot03+"', '"+tiedot04+"')";
                                                                         ^            ^   ^            ^  ^            ^
To avoid this quoting problem altogether, you should consider using PreparedStatement, which also avoids SQL injection vulnerabilities.

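As an added example (not the asker's or the answerer's code), here is the same INSERT written with a PreparedStatement against the `tiedot` table from the question. The values are bound as parameters, so the driver handles quoting and a form value containing a quote or SQL text is stored as plain text instead of altering the statement; the `TiedotDao` class name is an assumption.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added example, not part of the original page: parameterised version of writeToDB.
public class TiedotDao {
    // The SQL text is fixed; the three values travel separately as bound parameters.
    private static final String INSERT_SQL =
        "INSERT INTO tiedot (tiedot02, tiedot03, tiedot04) VALUES (?, ?, ?)";

    private final Connection conn;

    public TiedotDao(Connection conn) {
        this.conn = conn;
    }

    /** Inserts one row; returns true only when exactly one row was written. */
    public boolean writeToDB(String tiedot02, String tiedot03, String tiedot04) throws SQLException {
        // request.getParameter() returns null for a missing form field and the columns are
        // NOT NULL, so reject the input here instead of letting the INSERT fail.
        if (tiedot02 == null || tiedot03 == null || tiedot04 == null) {
            return false;
        }
        // try-with-resources closes the statement even when executeUpdate throws.
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, tiedot02);   // a value such as O'Reilly needs no manual quoting
            ps.setString(2, tiedot03);
            ps.setString(3, tiedot04);
            return ps.executeUpdate() == 1;
        }
    }
}
```

In the servlet this replaces `myconnection.writeToDB(...)`, with the `Connection` obtained from `getconn()`.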