基于MySQL的Java网络编程
大家好,我正在尝试为我的java网站创建一个注册servlet,但是我收到了这个错误,我不理解,因为第1行没有任何内容 Error.com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法有错误;检查与MySQL服务器版本相对应的手册,以获取第1行中使用的正确语法 下面是我的servlet代码基于MySQL的Java网络编程,java,mysql,servlets,Java,Mysql,Servlets,大家好,我正在尝试为我的java网站创建一个注册servlet,但是我收到了这个错误,我不理解,因为第1行没有任何内容 Error.com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法有错误;检查与MySQL服务器版本相对应的手册,以获取第1行中使用的正确语法 下面是我的servlet代码 import java.io.IOException; import java.io.PrintWriter; import
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class CreateTutor
*/
@WebServlet("/CreateTutor")
public class CreateTutor extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public CreateTutor() {
super();
// TODO Auto-generated constructor stub
}
private String uniid = "";
private String name = "";
private String password = "";
private String email = "";
private int access_level = 3;
public void init() {
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/wae","root","");
System.out.println("JDBC driver loaded");
}
catch (ClassNotFoundException e) {
System.out.println(e.toString());
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/**Process the HTTP Get request*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws
ServletException,IOException {
sendPageHeader(response);
sendRegistrationForm(request, response, false);
sendPageFooter(response);
}
/**Process the HTTP Post request*/
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
sendPageHeader(response);
uniid = request.getParameter("uniid");
name = request.getParameter("name");
password = request.getParameter("password");
email = request.getParameter("email");
boolean error = false;
String message = null;
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/wae","root","");
System.out.println("got connection");
Statement s = con.createStatement();
String sql = "SELECT name FROM user" +
" WHERE name='" + name + "'";
ResultSet rs = s.executeQuery(sql);
if (rs.next()) {
rs.close();
message = "The user name <B>" + name +
"</B> has been taken. Please select another name.";
error = true;
}
else {
rs.close();
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "',)";
int i = s.executeUpdate(sql);
if (i==1) {
message = "Successfully added one user.";
}
}
s.close();
con.close();
}
catch (SQLException e) {
message = "Error." + e.toString();
error = true;
}
catch (Exception e) {
message = "Error." + e.toString();
error = true;
}
if (message!=null) {
PrintWriter out = response.getWriter();
out.println("<B>" + message + "</B><BR>");
out.println("<HR><BR>");
}
if (error==true)
sendRegistrationForm(request, response, true);
else
sendRegistrationForm(request, response, false);
sendPageFooter(response);
}
/**
* Send the HTML page header, including the title
* and the <BODY> tag
*/
private void sendPageHeader(HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<HTML>");
out.println("<HEAD>");
out.println("<TITLE>Registration Page</TITLE>");
out.println("</HEAD>");
out.println("<BODY>");
out.println("<CENTER>");
}
/**
* Send the HTML page footer, i.e. the </BODY>
* and the </HTML>
*/
private void sendPageFooter(HttpServletResponse response)
throws ServletException, IOException {
PrintWriter out = response.getWriter();
out.println("</CENTER>");
out.println("</BODY>");
out.println("</HTML>");
}
/**Send the form where the user can type in
* the details for a new user
*/
private void sendRegistrationForm(HttpServletRequest request,
HttpServletResponse response, boolean displayPreviousValues)
throws ServletException, IOException {
PrintWriter out = response.getWriter();
out.println("<BR><H2>Registration Page</H2>");
out.println("<BR>Please enter the user details.");
out.println("<BR>");
out.println("<BR><FORM METHOD=POST>");
out.println("<TABLE>");
out.println("<TR>");
out.println("<TD>Uni Id</TD>");
out.print("<TD><INPUT TYPE=TEXT Name=uniid");
if (displayPreviousValues)
out.print(" VALUE=\"" + uniid + "\"");
out.println("></TD>");
out.println("</TR>");
out.println("<TR>");
out.println("<TD>Name</TD>");
out.print("<TD><INPUT TYPE=TEXT Name=name");
if (displayPreviousValues)
out.print(" VALUE=\"" + name + "\"");
out.println("></TD>");
out.println("</TR>");
out.println("<TR>");
out.println("<TD>Password</TD>");
out.print("<TD><INPUT TYPE=PASSWORD Name=password");
if (displayPreviousValues)
out.print(" VALUE=\"" + password + "\"");
out.println("></TD>");
out.println("</TR>");
out.println("<TR>");
out.println("<TD>Email</TD>");
out.print("<TD><INPUT TYPE=TEXT Name=email");
out.println("></TD>");
out.println("</TR>");
out.println("<TR>");
out.println("<TD>Access Level</TD>");
out.print("<TD><INPUT TYPE=int Name=access_level");
out.println("></TD>");
out.println("</TR>");
if (displayPreviousValues)
out.print(" VALUE=\"" + password + "\"");
out.println("></TD>");
out.println("</TR>");
out.println("<TR>");
out.println("<TD><INPUT TYPE=RESET></TD>");
out.println("<TD><INPUT TYPE=SUBMIT></TD>");
out.println("</TR>");
out.println("</TABLE>");
out.println("</FORM>");
out.println("<BR>");
out.println("<BR>");
}
}
select语句中有一个额外的逗号,而不是:
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "',)";
/|\
this ----------------------
应该是
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "')";
我不懂Java,但您应该使用Java或其他任何方式来清理数据,让您指定参数,而不是直接在sql语句中写入输入值。我认为问题在于:
"INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "',)
请注意查询结尾处的尾随逗号您遗漏了单引号&并且有exra逗号 “+电子邮件+”、+访问级别+”,;在你的代码里 它应该是“+电子邮件+”,“+访问级别+” 更改为:-
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "','" + access_level + "')";
您在查询后遗漏了后面的逗号。错误很明显:您发送到MySQL的SQL中存在语法错误。试着打印出你发送的内容,这比在代码中阅读要容易 但更重要的是,不要这样做 您应该使用PreparedStatement并绑定您的输入 变量。 您应该使用JNDI连接池。 您不应该硬连线您的连接细节-不是一次,而是两次! 将HTML编码到servlet中。最好将JSP与JSTL结合使用。 您没有验证您的输入。这是一种等待发生的SQL注入攻击。
这就足够了。在查询的末尾有一个额外的逗号: 更改以下内容
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "',)";
致:
我强烈建议你使用 这是SQL请求的第1行,而不是java程序的第1行。让您的程序将请求打印到控制台,并在控制台上进行调试。下一步,我没有删除结尾处的逗号,但我现在删除了。。您可以切换您的投票。仍然会出现错误error.com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,了解可使用的正确语法“在第1行投票人,您可以切换您的投票吗,在我更改我的帖子后??这是一项有要求的大学作业,不允许jstl,我们还没有显示PreparedStatement。好的,但当有一天到来时,您会想认识到这些想法。此外,为什么真正好奇的学生必须等待展示?您所要做的就是导航到javadocs,看看有什么不同,并将其合并到您的实现中。您将要进行的SQL注入研究可能会给您的教授留下深刻印象。如果我是你的教授,我会的。死记硬背;太多了,我只做了别人告诉我的事。把这个答案当作你的演讲。
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "',)";
sql = "INSERT INTO user" +
" (uniid, name, password, email, access_level)" +
" VALUES" +
" ('" + uniid + "'," +
" '" + name + "'," +
" '" + password + "'," +
" '" + email + "'," + access_level + "')";