JavaScript page doesn't display database values
I want to display all databases and the tables of each database in a tree format. So I wrote a JSP page that gets the database names and table names and passes them to a JavaScript page. But in my code, the JavaScript page displays only one database name. Can anyone help me find the reason? My code:
LeftFrameset.jsp
<%--
Document : LeftFrameset
Created on : Nov 13, 2014, 1:10:22 PM
Author : user
--%>
<%@page import="querywork.DBConnection"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.DatabaseMetaData"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.Connection"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<HTML>
<!--------------------------------------------------------------->
<!-- Copyright (c) 2006 by Conor O'Mahony. -->
<!-- For enquiries, please email GubuSoft@GubuSoft.com. -->
<!-- Please keep all copyright notices below. -->
<!-- Original author of TreeView script is Marcelino Martins. -->
<!--------------------------------------------------------------->
<!-- This document includes the TreeView script. The TreeView -->
<!-- script can be found at http://www.TreeView.net. The -->
<!-- script is Copyright (c) 2006 by Conor O'Mahony. -->
<!--------------------------------------------------------------->
<!-- Instructions: -->
<!-- - Through the <STYLE> tag you can change the colors and -->
<!-- types of fonts to the particular needs of your site. -->
<!-- - A predefined block with black background has been -->
<!-- made for stylish people :-) -->
<!--------------------------------------------------------------->
<HEAD>
<!-- This is the <STYLE> block for the default styles. If -->
<!-- you want the black background, remove this <STYLE> -->
<!-- block. -->
<STYLE>
BODY {
background-color: white;}
TD {
font-size: 10pt;
font-family: verdana,helvetica;
text-decoration: none;
white-space:nowrap;}
A {
text-decoration: none;
color: black;}
.specialClass {
font-family:garamond;
font-size:12pt;
color:green;
font-weight:bold;
text-decoration:underline}
</STYLE>
<!-- If you want the black background, replace the contents -->
<!-- of the <STYLE> tag above with the following...
BODY {
background-color: black;}
TD {
font-size: 10pt;
font-family: verdana,helvetica;
text-decoration: none;
white-space:nowrap;}
A {
text-decoration: none;
color: white;}
<!-- This is the end of the <STYLE> contents. -->
<!-- Code for browser detection. DO NOT REMOVE. -->
<SCRIPT src="ua.js"></SCRIPT>
<!-- Infrastructure code for the TreeView. DO NOT REMOVE. -->
<SCRIPT src="ftiens4.js"></SCRIPT>
<!-- Scripts that define the tree. DO NOT REMOVE.
<SCRIPT src="demoFramesetNodes.js"></SCRIPT> -->
</HEAD>
<BODY topmargin="16" marginheight="16">
<!------------------------------------------------------------->
<!-- IMPORTANT NOTICE: -->
<!-- Removing the following link will prevent this script -->
<!-- from working. Unless you purchase the registered -->
<!-- version of TreeView, you must include this link. -->
<!-- If you make any unauthorized changes to the following -->
<!-- code, you will violate the user agreement. If you want -->
<!-- to remove the link, see the online FAQ for instructions -->
<!-- on how to obtain a version without the link. -->
<!------------------------------------------------------------->
<DIV style="position:absolute; top:0; left:0;"><TABLE border=0><TR><TD><FONT size=-2><A style="font-size:7pt;text-decoration:none;color:silver" href="http://www.treemenu.net/" target=_blank>Javascript Tree Menu</A></FONT></TD></TR> </TABLE></DIV>
<%
try {
String responseText = "";
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/", "root", "");
DatabaseMetaData dbmd = conn.getMetaData();
ResultSet ctlgs = dbmd.getCatalogs();
while (ctlgs.next()) {
String text = "";
String db = ctlgs.getString(1);
DBConnection dbc = new DBConnection(db);
ResultSet rs = dbc.SelectTable();
while (rs.next()) {
String tableName = rs.getString("TABLE_NAME");
text += tableName + ",";
}
%>
<!--Scripts that define the tree. DO NOT REMOVE. -->
<input type="hidden" name="value1" id="hiddenvalue1" value=>
<input type="hidden" name="value" id="hiddenvalue" value=<%=ctlgs.getString(1)%>>
<SCRIPT src="demoFramesetNodes.js"></SCRIPT>
<%
}
} catch (Exception e) {
out.println(e);
}%>
<!-- Build the browser's objects and display default view -->
<!-- of the tree. -->
<SCRIPT>initializeDocument()</SCRIPT>
<NOSCRIPT>
A tree for site navigation will open here if you enable JavaScript in your browser.
</NOSCRIPT>
</BODY>
</HTML>
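OK, after your comment, I'm starting to think I understand your problem.
Let's take the conversation with the database out of the picture, because that isn't where the problem lies. Ultimately, the JSP generates HTML similar to this: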
<input type="hidden" name="value1" id="hiddenvalue1" value=>
<input type="hidden" name="value" id="hiddenvalue" value=information_schema>
<SCRIPT src="demoFramesetNodes.js"></SCRIPT>
<input type="hidden" name="value1" id="hiddenvalue1" value=>
<input type="hidden" name="value" id="hiddenvalue" value=mysql>
<SCRIPT src="demoFramesetNodes.js"></SCRIPT>
<input type="hidden" name="value1" id="hiddenvalue1" value=>
<input type="hidden" name="value" id="hiddenvalue" value=user>
<SCRIPT src="demoFramesetNodes.js"></SCRIPT>
<input type="hidden" name="value1" id="hiddenvalue1" value=>
<input type="hidden" name="value" id="hiddenvalue" value=test>
<SCRIPT src="demoFramesetNodes.js"></SCRIPT>
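In this example, you have 7 elements with the ID hiddenvalue. IDs are supposed to be unique within an HTML page. I'm not aware of any JavaScript specification that says what happens if you call document.getElementById with a non-unique ID, but I wouldn't be surprised if it is undefined behaviour. If it is undefined behaviour, the browser is within its rights to return the first element with the given ID, the last such element, any one of those elements, or even null. In your case, it looks like your browser is returning the first element. Hence you get the information_schema alert seven times.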
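One way to solve this is to write out the assignments to str and str1 in the JSP, rather than putting them in hidden form inputs and reading them at the start of demoFramesetNodes.js. So the JSP would contain the following, rather than the lines: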
<SCRIPT type="text/javascript">
var str = "<%= ctlgs.getString(1) %>";
var str1 = "<%= text %>";
</SCRIPT>
This would result in the following output:
var str = "x";document.location='http://www.evil.com/';//";
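This would cause the browser to navigate to www.evil.com.
Clearly, this is undesirable, and is a kind of security vulnerability known as cross-site scripting (XSS). This security problem can be avoided by the following.
I think the error may be in the DBConnection class. I don't recognise that name, so I guess it's yours, right? If you don't share the code of that class with us, it's hard for us to help you find any problems with it.
But I don't think that's a problem with the code. Anyway, please check the code.
Does your application throw an exception in one iteration of the while(ctlgs.next()) loop in the JSP? Does the content of the page get written out after a database name, or does it end with a table name? What happens if you replace the contents of the while(ctlgs.next()) loop in the JSP with a single line that just writes out the database name?
When I simply display the names inside the while(ctlgs.next()) loop, I correctly get all the database names and table names in the JSP page. The problem is when these values are passed to the "DemoFramesetNodes.js" file. In the js file, I also tried to display all the names in an alert box. But it displays "information_schema" (the database name) 7 times (because the loop for getting each db name runs 7 times). Hope you understand the situation.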
var str = document.getElementById("hiddenvalue").value
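The answer's alternative of writing the values into an inline script avoids the duplicate-id lookup but, as it points out, lets a database name break out of the string. The following is an added example, not code from the original answer: it emits the whole catalog as one escaped literal and contrasts that with the naive output. `toInlineScriptLiteral`, `renderTreeData`, `dbTree` and the sample catalog are hypothetical names and constructed data, and in the real page the same escaping would have to happen server-side in the JSP.

```javascript
// Added example: all names and sample data here are constructed for illustration.

// Naive embedding, equivalent to  var str = "<%= value %>";  in the JSP.
function naiveEmbed(value) {
  return 'var str = "' + value + '";';
}

// Serialize a value as a literal that is safe inside an inline <script> block.
// JSON.stringify escapes quotes, backslashes and control characters; the extra
// pass keeps "</script>" or "<!--" in the data from terminating or confusing
// the script element, and covers the U+2028/U+2029 line separators.
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, function (ch) {
    return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
  });
}

// Emit the whole catalog in one assignment instead of one hidden input per
// database, so no element id is repeated and nothing is read back via the DOM.
function renderTreeData(catalog) {
  return 'var dbTree = ' + toInlineScriptLiteral(catalog) + ';';
}

// Recover the data from the emitted statement. The literal is still valid
// JSON, so parsing it shows exactly what the tree script would receive.
function readBack(statement) {
  return JSON.parse(statement.slice('var dbTree = '.length, -1));
}

// Constructed sample: two ordinary databases plus the hostile name from the
// answer and a table name containing a closing script tag.
const hostileName = 'x";document.location=\'http://www.evil.com/\';//';
const sampleCatalog = [
  { db: 'information_schema', tables: ['TABLES', 'COLUMNS'] },
  { db: 'mysql', tables: ['user'] },
  { db: hostileName, tables: ['a</script>b'] },
];

console.log(naiveEmbed(hostileName));        // statement breaks out of the string
console.log(renderTreeData(sampleCatalog));  // stays a single data literal
console.log(readBack(renderTreeData(sampleCatalog))[2].db === hostileName);
```
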