异常 java.lang.NumberFormatException：servlet 中的 null [重复]

Question

String Dept  = request.getParameter("dept");
int NumOfEmp = Integer.parseInt(request.getParameter("EmployeeNum"));

if(null != Dept && !Dept.isEmpty()){
       // add criteria for Name
      query += " AND DeptName = '"+ Dept + "'"; // prefer parametrized query
    }

    if(NumOfEmp > 0){

        // add criteria for Age
      query += " AND NumberOfEmployees = "+ NumOfEmp ;  // prefer parametrized query
    }

System.out.println("QUERY ......... " +  query);
pst = c.prepareStatement(query);

形成的查询看起来很好：

这是我得到的：

select DeptName, NumberOfEmployees from Departments where 1 = 1 AND 

         NumberOfEmployees = 50

查询对我来说看起来不错，但在打印查询后，控制台上打印了注释。 然后，如果我显式调用 url，它会给出一个异常：

 Exception java.lang.NumberFormatException: null

我从 ajax 传递的数据字符串：

var dataString ={ "EmployeeNum" : "50"};

我该如何解决这个问题？这里似乎有什么问题？

编辑：这是完整的代码：

包 com.Charts;

/**
 * Servlet implementation class DBChart
 */
@WebServlet("/db")
public class DBChart extends HttpServlet
{
Connection c = null;
//Statement st = null;
ResultSet rs = null;
String query = null;
JSONObject obj = null;
JSONObject resobj =null;
PreparedStatement pst = null;
//DatabaseMetaData dbmd = null;
String dbURL="jdbc:sqlserver://localhost:1433; databaseName = EMPLOYEE";
String user = "sa";
String password = "minisiminoni";
public  void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException 
{
try
{
List<JSONObject> Details = new LinkedList<JSONObject>();
PrintWriter out = response.getWriter();
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
c = DriverManager.getConnection(dbURL, user, password);
query = "select DeptName, NumberOfEmployees from Departments where 1 = 1";
String Dept = "";
try
{
Dept  = request.getParameter("dept");
}
catch(Exception e)
{
System.out.println("request param dept " + e);
}
String EmployeeNum= "";
try
{
 EmployeeNum = request.getParameter("EmployeeNum");
}
catch(Exception e)
{
System.out.println("error in get param" + e );
}
int NumOfEmp;
try {
    NumOfEmp = Integer.parseInt(EmployeeNum);
} catch(NumberFormatException e){
    StringBuilder sb = new StringBuilder();
    sb.append("Error parsing this EployeeNum: ");
    sb.append(EmployeeNum);
    e.printStackTrace();
    throw new RuntimeException(sb.toString());
}

if (Dept != null && !Dept.isEmpty()) {
      // add criteria for Name
      query += " AND DeptName = '"+ Dept + "'"; // prefer parametrized query
    }
    if (NumOfEmp > 0) {
     // add criteria for Age
      query += " AND NumberOfEmployees = "+ NumOfEmp ;  // prefer parametrized query
    }
System.out.println("QUERY ......... " +  query);
pst = c.prepareStatement(query);
resobj = new JSONObject();
while(rs.next())
{
String DeptName = rs.getString(1);
System.out.println("name " + DeptName);
int NumberOfEmployees = rs.getInt(2);
System.out.println("num " + NumberOfEmployees );
obj = new JSONObject();
obj.put("DeptName", DeptName);
obj.put( "NumberOfEmployees",NumberOfEmployees );
Details.add(obj);
}
resobj.put("Details", Details);
out.write(resobj.toString());

}
catch(Exception e)
{
System.out.println("Exception " + e);  //only this is where exception is caught
}
}
  public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
     doGet(request, response);
  }
}

控制台：

INFO: QUERY ......... select DeptName, NumberOfEmployees from Departments where 1 = 1 AND NumberOfEmployees = 50
2015-03-27T14:32:30.604+0530|SEVERE: SLF4J: The requested version 1.6 by your slf4j binding is not compatible with [1.5.5, 1.5.6]
2015-03-27T14:32:30.604+0530|SEVERE: SLF4J: See http://www.slf4j.org/codes.html#version_mismatch for further details.

然后什么都没有：

然后，如果我明确地转到 servlet URL，我会得到这个：

2015-03-27T14:33:58.670+0530|INFO: Exception java.lang.NumberFormatException: null

这是我的 ajax 调用：

<script type="text/javascript">
            var dataString ={ "EmployeeNum" : "50"};
            var queryObject="";
            var queryObjectLen="";
            console.log("loading");
            google.load('visualization', '1.0', {'packages':['corechart']});
google.setOnLoadCallback(function() {
    $.ajax({
        type : 'POST',
        data:  dataString,
        url : 'http://localhost:8080/Charts/db',
        success : function(data) {
        alert("success");
            queryObject = jQuery.parseJSON(data);            
            queryObjectLen = queryObject.Details.length;
            console.log("queryObj: "+queryObject+" Length: "+queryObjectLen);
            drawChart();
        },
        error : function(xhr, type) {

            alert('server error occoured')
        }
    }).done(function(msg) {
            alert("aa gya Response: " + msg);
        });
});

Answer 1

您的代码有很多更正

第一：SQL查询
你真的需要这个 1 = 1 它闻起来像 SQL 注入......所以删除它

第二个 Java 代码
A.总是try{}catch(){}可以产生异常的代码块；
B. 始终打印全面的错误消息；
C. 必须使用 log4j for ex;

第三业务规则
A. 您必须检查员工人数是否与您预期的一样大或等于零
B. 防止你的代码被 SQL 注入

试试这个代码

String Dept  = request.getParameter("dept");
String EmployeeNum = request.getParameter("EmployeeNum");
try {
    int NumOfEmp = Integer.parseInt(EmployeeNum);
} catch(NumberFormatException e){
    StringBuilder sb = new StringBuilder();
    sb.append("Error parsing this EployeeNum: ");
    sb.append(EmployeeNum);
    e.printStackTrace();
    throw new RuntimeException(sb.toString());
}

if (Dept != null && !Dept.isEmpty()) {
      // add criteria for Name
      query += " AND DeptName = '"+ Dept + "'"; // prefer parametrized query
    }
    if (NumOfEmp > 0) {
     // add criteria for Age
      query += " AND NumberOfEmployees = "+ NumOfEmp ;  // prefer parametrized query
    }
System.out.println("QUERY ......... " +  query);
pst = c.prepareStatement(query);