Jdbc ExecuteUpdate()挂起,无法运行我的程序

Jdbc ExecuteUpdate()挂起,无法运行我的程序,jdbc,netbeans-8,Jdbc,Netbeans 8,我正在尝试用JDBC将这段代码作为我的.JSP文件的servlet运行在带有derby数据库的netbeans中。我的问题并没有超出“stmt.addBatch(query)”;它不会打印“hello”。我还在库中使用了derby.jar、derbyclient.jar和derbynet.jar 期待收到其他人的来信 import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletExc

我正在尝试用JDBC将这段代码作为我的.JSP文件的servlet运行在带有derby数据库的netbeans中。我的问题并没有超出“stmt.addBatch(query)”;它不会打印“hello”。我还在库中使用了derby.jar、derbyclient.jar和derbynet.jar

期待收到其他人的来信

 import java.io.IOException;
 import java.io.PrintWriter;
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet; 
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.sql.*;
 import java.io.*;
 import javax.sql.*;


protected void processRequest(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException {

    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    try {
        /* TODO output your page here. You may use following sample code. */
        out.println("<!DOCTYPE html>");
        out.println("<html>");
        out.println("<head>");
        out.println("<title>Servlet Reg</title>");            
        out.println("</head>");
        out.println("<body>");
        String name=request.getParameter("name");
        String rate=request.getParameter("Rate");
        out.println(name);
        out.println(rate);
        Class.forName("org.apache.derby.jdbc.ClientDriver");

        Connection con=DriverManager.getConnection("jdbc:derby://localhost:1527/sample","APP","");
        Statement stmt=con.createStatement();

        String query="insert into movie values('"+rate+"','" +name+ "')";

        stmt.addBatch(query);
        out.println("hello");

        stmt.close();
        con.close();
        out.println("</body>");
        out.println("</html>");
    } catch(Exception e){
        e.printStackTrace();
    } finally {
        out.close();
    }
}
import java.io.IOException;
导入java.io.PrintWriter;
导入javax.servlet.ServletException;
导入javax.servlet.annotation.WebServlet;
导入javax.servlet.http.HttpServlet;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
导入java.sql.*;
导入java.io.*;
导入javax.sql.*;
受保护的void processRequest(HttpServletRequest请求,HttpServletResponse响应)引发ServletException,IOException{
setContentType(“text/html;charset=UTF-8”);
PrintWriter out=response.getWriter();
试一试{
/*TODO在此处输出您的页面。您可以使用以下示例代码*/
out.println(“”);
out.println(“”);
out.println(“”);
out.println(“Servlet Reg”);
out.println(“”);
out.println(“”);
字符串名称=request.getParameter(“名称”);
字符串速率=request.getParameter(“速率”);
out.println(名称);
out.println(费率);
forName(“org.apache.derby.jdbc.ClientDriver”);
Connection con=DriverManager.getConnection(“jdbc:derby://localhost:1527/sample“,”应用程序“,”);
语句stmt=con.createStatement();
String query=“插入电影值(““+rate+”,“+name+”)”;
stmt.addBatch(查询);
out.println(“你好”);
stmt.close();
con.close();
out.println(“”);
out.println(“”);
}捕获(例外e){
e、 printStackTrace();
}最后{
out.close();
}
}

在服务器控制台/日志中查找堆栈跟踪。若要避免SQL注入攻击,并能够插入包含引号的名称,请了解prepared语句。所以我应该使用prepared语句而不是create语句?同样的问题找不到解决方案