Java Servlet插入MySQL [关闭]

【问题标题】:Java Servlet Insert MySQL [closed]Java Servlet插入MySQL [关闭]
【发布时间】:2013-05-07 17:37:52
【问题描述】:

我正在尝试将 HTML 表单中的记录插入 MySQL 数据库。我的 HTML 和 Jquery 已关闭,但我的 Servlet 有问题。我没有立即注意到它有什么问题,但是如果我能在正确的方向上找到一个点,我就可以超越我现在的位置。谢谢

package com.david.servlets;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;


/**
 * Servlet implementation class myForm
 */

public class myForm extends HttpServlet {

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
        {
              //Get parameters
            String id = request.getParameter("ID");
            String fname = request.getParameter("FirstName");
            String lname = request.getParameter("LastName");


            //Get Connection
            try {
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            } catch (ClassNotFoundException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            System.out.println("Found a driver");
            Connection dbConnect = null;
            try {
                dbConnect = getConnection("localhost", 7001);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (NamingException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }


            System.out.println("Made a connection");


                //Create Query
            String query = "INSERT INTO test.customer (ID, FirstName, LastName) " + 
                    "VALUES (" + id + ", " + fname + ", " + lname + ")";
            PreparedStatement dbStatement = null;
            try {
                dbStatement = dbConnect.prepareStatement(query);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            //Execute Query
            try {
                dbStatement.executeUpdate(query);
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

            //close connection
            try {
                dbStatement.close();
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            try {
                dbConnect.close();
            } catch (SQLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

        }





public Connection getConnection(String server, int port)
        throws SQLException, NamingException {
    Context ctx = null;
    Hashtable ht = new Hashtable();
    ht.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
    ht.put(Context.PROVIDER_URL, "t3://"+server+":"+port);
    ctx = new InitialContext(ht);
    DataSource ds = (javax.sql.DataSource) ctx.lookup ("localmysql");
    Connection conn =  ds.getConnection();
    //conn.setAutoCommit( true );
    return conn;
}    





}

【问题讨论】:

  • 哪里失败了?堆栈跟踪?

标签: java mysql database servlets insert


【解决方案1】:

您在 fnamelname 文本字段周围缺少一些单引号:

String query = "INSERT INTO test.customer (ID, FirstName, LastName) " + 
           "VALUES (" + id + ", '" + fname + "', '" + lname + "')";

注意:最安全的方法是使用PreparedStatement 占位符,而不是使用String 连接。它们不仅可以防止SQL Injection 攻击,而且还可以管理引号字符。 

String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
PreparedStatement dbStatement = dbConnect.prepareStatement(query);
dbStatement.setInt(1, Integer.parseInt(id));
dbStatement.setString(2, fname);
dbStatement.setString(3, lname);

Id 字段通常是 INTEGER 类型)

【讨论】:

  • 很有效,谢谢,对占位符也有很好的建议。
【解决方案2】:

对我来说看起来不错,但是,您使用的是 PreparedStatement,并没有通过查询构造获得任何好处。有关解决方案,请参阅我的示例代码,如下所示:

   //Get Connection
    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    } catch (ClassNotFoundException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    System.out.println("Found a driver");
    Connection dbConnect = null;
    try {
        dbConnect = getConnection("localhost", 7001);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }


    System.out.println("Made a connection");


        //Create Query
    String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
    PreparedStatement dbStatement = null;
    try {
        dbStatement = dbConnect.prepareStatement(query);
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    // set parameters
    try {
        dbStatement.setString(1, ID);
        dbStatement.setString(2, fname);
        dbStatement.setString(3, lname);
    } catch (SQLException e) {
        e.printStackTrace();
    }
    //Execute Query
    try {
        if (dbStatement.executeUpdate(query) == 0) { 
            System.err.println("Nothing inserted"); 
        }
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    //close connection
    try {
        dbStatement.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    try {
        dbConnect.close();
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

}

【讨论】:

  • 一旦我获得更多声誉,我会加入 =)
【解决方案3】:

除了其他人指出的缺失引号之外,我想补充一点,您使用 PreparedStatement 不正确。您首先准备声明与

dbStatement = dbConnect.prepareStatement(query);

然后不执行已经准备好的查询

dbStatement.executeUpdate();

您正在创建一个并不必要地执行它

dbStatement.executeUpdate(query);

这不会导致任何错误或抛出异常,但这是执行 JDBC 的错误方式。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2014-06-28
    • 1970-01-01
    • 1970-01-01
    • 2012-07-21
    • 1970-01-01
    • 2021-09-12
    • 1970-01-01
    • 2011-05-17
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode