Java servlet中的我的sql错误
我正在尝试学习使用Javaservlet的简单数据库连接。我的代码应该采用表单数据,检查表并创建(如果未创建),将数据添加到表中,检查是否选中了删除复选框,如果选中,则删除表并最终返回索引页 我在glassfish中收到一条错误消息(不知怎么的,它是法语,语言是英语) 这是我的小服务 处理程序servlet:Java servlet中的我的sql错误,java,mysql,database,servlets,Java,Mysql,Database,Servlets,我正在尝试学习使用Javaservlet的简单数据库连接。我的代码应该采用表单数据,检查表并创建(如果未创建),将数据添加到表中,检查是否选中了删除复选框,如果选中,则删除表并最终返回索引页 我在glassfish中收到一条错误消息(不知怎么的,它是法语,语言是英语) 这是我的小服务 处理程序servlet: public class tilausServlet extends HttpServlet { tietokantaYhteysJava myconnection = new tiet
public class tilausServlet extends HttpServlet {
tietokantaYhteysJava myconnection = new tietokantaYhteysJava();
String tiedot02 = null;
String tiedot03 = null;
String tiedot04 = null;
String poista = null;
private void readFormData(HttpServletRequest request, HttpServletResponse response) throws SQLException {
tiedot02 = request.getParameter("tiedot02");
tiedot03 = request.getParameter("tiedot03");
tiedot04 = request.getParameter("tiedot04");
if(request.getParameter("poista")!=null){
myconnection.poistaTaulu();
}
}
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
myconnection.initDatabaseConnection();
readFormData(request, response);
boolean result = false;
PrintWriter temp = response.getWriter();
try {
result = myconnection.writeToDB(tiedot02, tiedot03, tiedot04, request);
if (result==true){
RequestDispatcher rd=request.getRequestDispatcher("/index.html");
rd.forward(request, response);
}
else{
temp.println("Tulostus, jos tietokantakirjoitus palauttaa arvon: False");
}
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(tilausServlet.class.getName()).log(Level.SEVERE, null, ex);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(tilausServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
数据库连接servlet:
public class tietokantaYhteysJava {
HttpServletResponse commonResponse = null;
HttpServletRequest commonRequest = null;
PrintWriter commonOut =null;
static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
static final String DB_URL = "jdbc:mysql://localhost/kanta01";
static final String USER = "root";
static final String PASS = "";
private Statement stmt = null;
private Connection conn = null;
public Statement getstmt(){
if(stmt==null){
initDatabaseConnection();
return this.stmt;
}
return this.stmt;
}
public Connection getconn(){
return this.conn;
}
protected void initDatabaseConnection(){
try{
Class.forName(JDBC_DRIVER);
conn = DriverManager.getConnection(DB_URL,USER,PASS);
stmt = conn.createStatement();
String sql = "CREATE TABLE IF NOT EXISTS `tiedot` (" +
" `ID` int(50) NOT NULL AUTO_INCREMENT,\n" +
" `tiedot02` text NOT NULL,\n" +
" `tiedot03` text NOT NULL,\n" +
" `tiedot04` text NOT NULL,\n" +
" `aikaleima` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n" +
" PRIMARY KEY (`ID`)";
stmt.executeUpdate(sql);
System.out.println("Taulu luotu");
if (conn.isClosed()){
System.out.println("yhteys ei onnistunut");
}else{
System.out.println("yhteys onnistui");
}
}
catch(SQLException | ClassNotFoundException se){
System.out.println(se.toString());
}
}
public void poistaTaulu() throws SQLException{
stmt = conn.createStatement();
String sql3 = "DROP TABLE tiedot";
stmt.executeUpdate(sql3);
}
protected boolean writeToDB(String tiedot02, String tiedot03, String tiedot04, HttpServletRequest request) throws NoSuchAlgorithmException, UnsupportedEncodingException{
try{
stmt = conn.createStatement();
String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ("+tiedot02+", "+tiedot03+", "+tiedot04+")";
stmt.executeUpdate(sql2);
System.out.println("Tiedot lisätty");
return true;
}catch (SQLException ex){
System.out.println("Virhe: "+ex.toString());
return false;
}
}
}
insert语句中有错误,即字符串字段缺少引号:
String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ("+tiedot02+", "+tiedot03+", "+tiedot04+")";
应该是:
String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ('"+tiedot02+"', '"+tiedot03+"', '"+tiedot04+"')";
^ ^ ^ ^ ^ ^
<>为了避免这个引用问题,你应该考虑使用PeriaReScript语句来避免SQL注入漏洞。
String sql2 = "insert into tiedot (tiedot02, tiedot03, tiedot04) values ('"+tiedot02+"', '"+tiedot03+"', '"+tiedot04+"')";
^ ^ ^ ^ ^ ^