Jdbc ExecuteUpdate()挂起,无法运行我的程序
我正在尝试用JDBC将这段代码作为我的.JSP文件的servlet运行在带有derby数据库的netbeans中。我的问题并没有超出“stmt.addBatch(query)”;它不会打印“hello”。我还在库中使用了derby.jar、derbyclient.jar和derbynet.jar 期待收到其他人的来信Jdbc ExecuteUpdate()挂起,无法运行我的程序,jdbc,netbeans-8,Jdbc,Netbeans 8,我正在尝试用JDBC将这段代码作为我的.JSP文件的servlet运行在带有derby数据库的netbeans中。我的问题并没有超出“stmt.addBatch(query)”;它不会打印“hello”。我还在库中使用了derby.jar、derbyclient.jar和derbynet.jar 期待收到其他人的来信 import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletExc
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.sql.*;
import java.io.*;
import javax.sql.*;
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
try {
/* TODO output your page here. You may use following sample code. */
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Servlet Reg</title>");
out.println("</head>");
out.println("<body>");
String name=request.getParameter("name");
String rate=request.getParameter("Rate");
out.println(name);
out.println(rate);
Class.forName("org.apache.derby.jdbc.ClientDriver");
Connection con=DriverManager.getConnection("jdbc:derby://localhost:1527/sample","APP","");
Statement stmt=con.createStatement();
String query="insert into movie values('"+rate+"','" +name+ "')";
stmt.addBatch(query);
out.println("hello");
stmt.close();
con.close();
out.println("</body>");
out.println("</html>");
} catch(Exception e){
e.printStackTrace();
} finally {
out.close();
}
}
import java.io.IOException;
导入java.io.PrintWriter;
导入javax.servlet.ServletException;
导入javax.servlet.annotation.WebServlet;
导入javax.servlet.http.HttpServlet;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
导入java.sql.*;
导入java.io.*;
导入javax.sql.*;
受保护的void processRequest(HttpServletRequest请求,HttpServletResponse响应)引发ServletException,IOException{
setContentType(“text/html;charset=UTF-8”);
PrintWriter out=response.getWriter();
试一试{
/*TODO在此处输出您的页面。您可以使用以下示例代码*/
out.println(“”);
out.println(“”);
out.println(“”);
out.println(“Servlet Reg”);
out.println(“”);
out.println(“”);
字符串名称=request.getParameter(“名称”);
字符串速率=request.getParameter(“速率”);
out.println(名称);
out.println(费率);
forName(“org.apache.derby.jdbc.ClientDriver”);
Connection con=DriverManager.getConnection(“jdbc:derby://localhost:1527/sample“,”应用程序“,”);
语句stmt=con.createStatement();
String query=“插入电影值(““+rate+”,“+name+”)”;
stmt.addBatch(查询);
out.println(“你好”);
stmt.close();
con.close();
out.println(“”);
out.println(“”);
}捕获(例外e){
e、 printStackTrace();
}最后{
out.close();
}
}
在服务器控制台/日志中查找堆栈跟踪。若要避免SQL注入攻击,并能够插入包含引号的名称,请了解prepared语句。所以我应该使用prepared语句而不是create语句?同样的问题找不到解决方案