尝试获取查询以在JSP中使用LIKE函数和变量

Question

我有一个用于提取用户名和用户信息的查询。在Access中，我有LIKE函数，这样用户就不必输入特定的名称。我现在将它转移到JSP。这是我在JSP中遇到麻烦的查询中的一行：

WHERE ObjectName Like '" + "%"+ VariableName + "%" +"';

查询运行正常，但即使我输入整个名称也不会显示任何信息。如果我将其更改为：

WHERE ObjectName = '" + VariableName +"';

它有效，但我想让用户有机会输入部分名称，以防他们不知道如何拼写名称或不正确。任何帮助都会得到赞赏。

谢谢

Answer 1

您显示的行有点奇怪，但在语法上有效。所以问题出在其他地方。 variableName实际包含什么？

那就是说，你不应该在JSP文件中编写原始Java代码。在Java类中执行此操作。您可以使用Servlet类来预处理或后处理请求。同时抓住PreparedStatement以避免SQL injections。这是一个启动示例：

public List<User> search(String username) throws SQLException {
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet resultSet = null;
    List<User> users = new ArrayList<User>();

    try {
        connection = database.getConnection();
        statement = connection.prepareStatement("SELECT id, username, age, email FROM user WHERE username LIKE ?");
        statement.setString(1, "%" + username + "%");
        resultSet = statement.executeQuery();
        while (resultSet.next()) {
            users.add(mapUser(resultSet));
        }
    } finally {
        close(connection, statement, resultSet);
    }

    return users;
}

Answer 2

1. 避免在JSP中编写SQL查询
2. "SELECT * FROM something WHERE ObectName LIKE '%" + VariableName + "%'"应该正常工作

Answer 3

这是启动用户的答案 我创建了一个名为ASHRAF的数据库，然后我创建一个名为CASH的表。代码如下：

CREATE TABLE CASH(NO INT NOT NULL PRIMARY KEY AUTO_INCREMENT,NAME VARCHAR(50) NOT NULL,ADDRESS VARCHAR(100),PET_NAME VARCHAR(50),PLACE VARCHAR(50),TYPE VARCHAR(20),TYPE_OF_PAY VARCHAR(20),AMOUNT INT(6) NOT NULL);

这里NO是自动增量蚂蚁它是主键无论如何你可以使用我在下面给出的jsp代码从表中搜索内容

我在这里使用NAME ADDRESS搜索你​​可以使用html页面和servlet传递参数

我创建的html页面（show.html）在下面给出

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>show.html</title>
</head>
<body>
<h1><b><font color=020202>SHOW</font></b></h1><br><br>
   <form name="f6" action="getshow" method="POST" onsubmit="return check(this)">
   <table border="0">
   <tr>
  <td>Name :</td><td><input type="text" name="name"></td>
   </tr>
   <tr>
  <td>House Name :</td><td><input type="text" name="address"></td>
   </tr>
   <tr>
   <td><br><input type="SUBMIT" value="submit"></td>
   </tr>
   </table>
   </form>
</body>
</html> 

servlet是（getshow.java），如下所示

package Servlets;



import java.io.IOException;



import javax.servlet.RequestDispatcher;



import javax.servlet.ServletException;



import javax.servlet.http.HttpServlet;



import javax.servlet.http.HttpServletRequest;



import javax.servlet.http.HttpServletResponse;



/**



 * Servlet implementation class getdata



 */



public class getshow extends HttpServlet {


    private static final long serialVersionUID = 1L;


    /**

     * @see HttpServlet#HttpServlet()

     */

    public getshow() {

        super();

        // TODO Auto-generated constructor stub

    }


    /**

     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)

     */

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
`` throws ServletException, IOException {


        // TODO Auto-generated method stub

    }


    /**`

     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse 
``response)


     */

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        // TODO Auto-generated method stub

        try{

        String url=null;

        String s1=request.getParameter("name");

        String s2=request.getParameter("address");


        request.setAttribute("name",s1);



        request.setAttribute("address",s2);


            url="show.jsp";

        RequestDispatcher view=request.getRequestDispatcher(url);

        view.forward(request, response);

    } catch (Exception e) {

        // TODO Auto-generated catch block

        e.printStackTrace();

    } 

    }


}

jsp文件是（show.jsp），如下所示

<%@ page language="java" contentType="text/html; charset=UTF-8"


    pageEncoding="UTF-8"%>


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



<html>



<head>`

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">



<title>show.jsp</title>



</head>



<body>



<%String aid=(String)request.getAttribute("name"); %>



<%String sid=(String)request.getAttribute("address"); %>





  <%




        Connection con=null;

        ResultSet rs=null;

        String records=null;

        StringBuffer appender=new StringBuffer();

        java.sql.PreparedStatement st=null;

        try {

            Class.forName("com.mysql.jdbc.Driver").newInstance();

            con=DriverManager.getConnection("jdbc:mysql://localhost/ASHRAF?user=root&password=password");

            st=con.prepareStatement("select *from CASH where NAME like '" + aid + "%" +"' and ADDRESS like '" + sid + "%" +"'");

            rs=st.executeQuery();


            %>

    <center><TABLE cellpadding="15" border="2">

    <TR>


<TH>NO</TH>



<TH>NAME</TH>



<TH>HOUSE NAME</TH>



<TH>PET NAME</TH>



<TH>PLACE</TH>



<TH>TYPE OF OCCATION</TH>



<TH>TYPE OF PAY</TH>



<TH>AMOUNT</TH>



</TR>



 <%



while (rs.next()) {



%>



<TR>



<TD><%=rs.getString(1)%></TD>



<TD><%=rs.getString(2)%></TD>



<TD><%=rs.getString(3)%></TD>



<TD><%=rs.getString(4)%></TD>



<TD><%=rs.getString(5)%></TD>



<TD><%=rs.getString(6)%></TD>



<TD><%=rs.getString(7)%></TD>



<TD><%=rs.getString(8)%></TD>



</TR>



<% } %>



</TABLE>



</center>



</div>



<%


    } catch (Exception e) {

    // TODO Auto-generated catch block

    e.printStackTrace();


} 



finally



{


    try {

        con.close();

    } catch (SQLException e) {

        // TODO Auto-generated catch block

        e.printStackTrace();

    }


} %>



</body>



</html>

现在您可以搜索姓名，地址或两者。