JSP-使用apachecommons上传文件
为什么我的文件上传代码不起作用 我正在使用“commons-fileupload-1.1.1.jar” 此外,我还看到NetBeans 6.1中“isMultipartContent”的第二行有一个删除线JSP-使用apachecommons上传文件,jsp,apache-commons-fileupload,Jsp,Apache Commons Fileupload,为什么我的文件上传代码不起作用 我正在使用“commons-fileupload-1.1.1.jar” 此外,我还看到NetBeans 6.1中“isMultipartContent”的第二行有一个删除线 // Check that we have a file upload request >>>> boolean isMultipart = FileUpload.isMultipartContent(request); // Create va
// Check that we have a file upload request
>>>> boolean isMultipart = FileUpload.isMultipartContent(request);
// Create variables for path, filename and extension
appPath = application.getRealPath("\\");
// Create a factory for disk-based file items
FileItemFactory factory = new DiskFileItemFactory();
// Create a new file upload handler
ServletFileUpload upload = new ServletFileUpload(factory);
// Parse the request and Extract request items
>>>>> List items = upload.parseRequest(request);
// create an Iterator to iterate through request items
Iterator iter = items.iterator();
//Form fields
//out.println("<br><br>While loop started");
while (iter.hasNext())
{
FileItem item = (FileItem) iter.next();
if(item.isFormField())
{
String name = item.getFieldName();
String value = item.getString();
if(name.equals("txtUsername"))
{
_USERNAME_ = value;
Class.forName("org.gjt.mm.mysql.Driver");
try
{
connection = DriverManager.getConnection("jdbc:mysql://localhost/ict");
statement = connection.createStatement();
recordset = statement.executeQuery("SELECT * FROM registered_students WHERE username=\'" + _USERNAME_ + "\'");
while(recordset.next())
{
roll = recordset.getString(4);
_ROLL_ = roll;
}
recordset.close();
recordset=null;
statement.close();
statement=null;
}
finally
{
if(connection!=null)
{
connection.close();
}
}
}
}
}
因为commons fileupload依赖于。把它添加到你的类路径中。只是一个注释-你的数据库查询让我有点畏缩。如果语句和ResultSet对象未关闭,则可能会发生内存泄漏,并且由于您将输入直接复制到查询中,因此可能会发生注入攻击
PreparedStatement select = null;
ResultSet rs = null;
try { con.prepareStatement("SELECT * FROM registered_students WHERE username = ?");
select.setString(1, username);
rs = select.executeQuery();
} finally {
if (select != null) select.close();
if (rs != null) rs.close();
}
PreparedStatement select = null;
ResultSet rs = null;
try { con.prepareStatement("SELECT * FROM registered_students WHERE username = ?");
select.setString(1, username);
rs = select.executeQuery();
} finally {
if (select != null) select.close();
if (rs != null) rs.close();
}