Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/402.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Javaservlet插入MySQL_Java_Mysql_Database_Servlets_Insert - Fatal编程技术网
Fatal编程技术网
  • java/
  • Javaservlet插入MySQL

Javaservlet插入MySQL

java mysql database servlets

Javaservlet插入MySQL,java,mysql,database,servlets,insert,Java,Mysql,Database,Servlets,Insert,我试图将HTML表单中的记录插入MySQL数据库。我已经关闭了HTML和Jquery,但是我的Servlet有问题。我没有立即注意到它有什么问题,但是如果我能在正确的方向上得到一个点,我就可以越过我现在的位置。谢谢 package com.david.servlets; import java.io.IOException; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.SQLExc

我试图将HTML表单中的记录插入MySQL数据库。我已经关闭了HTML和Jquery,但是我的Servlet有问题。我没有立即注意到它有什么问题,但是如果我能在正确的方向上得到一个点,我就可以越过我现在的位置。谢谢

package com.david.servlets;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;


/**
 * Servlet implementation class myForm
 */

public class myForm extends HttpServlet {

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
        {
              //Get parameters
            String id = request.getParameter("ID");
            String fname = request.getParameter("FirstName");
            String lname = request.getParameter("LastName");


            //Get Connection
            try {
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            } catch (ClassNotFoundException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            System.out.println("Found a driver");
            Connection dbConnect = null;
            try {
                dbConnect = getConnection("localhost", 7001);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (NamingException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }


            System.out.println("Made a connection");


                //Create Query
            String query = "INSERT INTO test.customer (ID, FirstName, LastName) " + 
                    "VALUES (" + id + ", " + fname + ", " + lname + ")";
            PreparedStatement dbStatement = null;
            try {
                dbStatement = dbConnect.prepareStatement(query);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            //Execute Query
            try {
                dbStatement.executeUpdate(query);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

            //close connection
            try {
                dbStatement.close();
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            try {
                dbConnect.close();
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

        }





public Connection getConnection(String server, int port)
        throws SQLException, NamingException {
    Context ctx = null;
    Hashtable ht = new Hashtable();
    ht.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
    ht.put(Context.PROVIDER_URL, "t3://"+server+":"+port);
    ctx = new InitialContext(ht);
    DataSource ds = (javax.sql.DataSource) ctx.lookup ("localmysql");
    Connection conn =  ds.getConnection();
    //conn.setAutoCommit( true );
    return conn;
}    





}

fname
lname
文本字段周围缺少一些单引号:

String query = "INSERT INTO test.customer (ID, FirstName, LastName) " + 
           "VALUES (" + id + ", '" + fname + "', '" + lname + "')";
注意:最安全的方法是使用
PreparedStatement
占位符,而不是执行
String
连接。它们不仅可以防止攻击,还可以管理引号字符

String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
PreparedStatement dbStatement = dbConnect.prepareStatement(query);
dbStatement.setInt(1, Integer.parseInt(id));
dbStatement.setString(2, fname);
dbStatement.setString(3, lname);

Id
字段通常是整数类型)

fname
lname
文本字段周围缺少一些单引号:

String query = "INSERT INTO test.customer (ID, FirstName, LastName) " + 
           "VALUES (" + id + ", '" + fname + "', '" + lname + "')";
注意:最安全的方法是使用
PreparedStatement
占位符,而不是执行
String
连接。它们不仅可以防止攻击,还可以管理引号字符

String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
PreparedStatement dbStatement = dbConnect.prepareStatement(query);
dbStatement.setInt(1, Integer.parseInt(id));
dbStatement.setString(2, fname);
dbStatement.setString(3, lname);

Id
字段通常是整数类型)

在我看来很好,但是,您使用的是PreparedStatement,而不是通过查询构造获得任何好处。有关解决方案,请参见我的示例代码,如下所示:

   //Get Connection
    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    } catch (ClassNotFoundException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    System.out.println("Found a driver");
    Connection dbConnect = null;
    try {
        dbConnect = getConnection("localhost", 7001);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }


    System.out.println("Made a connection");


        //Create Query
    String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
    PreparedStatement dbStatement = null;
    try {
        dbStatement = dbConnect.prepareStatement(query);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    // set parameters
    try {
        dbStatement.setString(1, ID);
        dbStatement.setString(2, fname);
        dbStatement.setString(3, lname);
    } catch (SQLException e) {
        e.printStackTrace();
    }
    //Execute Query
    try {
        if (dbStatement.executeUpdate(query) == 0) { 
            System.err.println("Nothing inserted"); 
        }
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    //close connection
    try {
        dbStatement.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    try {
        dbConnect.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

}
在我看来很好,但是,您使用的是PreparedStatement,而不是通过查询构造获得任何好处。有关解决方案,请参见我的示例代码,如下所示:

   //Get Connection
    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    } catch (ClassNotFoundException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    System.out.println("Found a driver");
    Connection dbConnect = null;
    try {
        dbConnect = getConnection("localhost", 7001);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }


    System.out.println("Made a connection");


        //Create Query
    String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
    PreparedStatement dbStatement = null;
    try {
        dbStatement = dbConnect.prepareStatement(query);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    // set parameters
    try {
        dbStatement.setString(1, ID);
        dbStatement.setString(2, fname);
        dbStatement.setString(3, lname);
    } catch (SQLException e) {
        e.printStackTrace();
    }
    //Execute Query
    try {
        if (dbStatement.executeUpdate(query) == 0) { 
            System.err.println("Nothing inserted"); 
        }
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    //close connection
    try {
        dbStatement.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    try {
        dbConnect.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

}
除了其他人指出的缺少引号之外,我想补充一点,您使用的
PreparedStatement
不正确。你首先准备的是

dbStatement = dbConnect.prepareStatement(query);
然后执行已经准备好的查询

您不必要地创建了一个新的,并使用

dbStatement.executeUpdate(query);
这不会导致任何错误或抛出异常,但这是执行JDBC的错误方法。

除了其他人指出的缺少引号之外,我想补充一点,您使用的
PreparedStatement
不正确。你首先准备的是

dbStatement = dbConnect.prepareStatement(query);
然后执行已经准备好的查询

您不必要地创建了一个新的,并使用

dbStatement.executeUpdate(query);
这不会导致任何错误或抛出异常,但这是执行JDBC的错误方法。

它在哪里失败?Stacktraces?它在哪里失败?Stacktraces?这很有效,谢谢,对占位符的建议也很好。这很有效,谢谢,对占位符的建议也很好。一旦我获得更多的声誉,我就会加入=)一旦我获得更多的声誉,我就会加入=)