在JSP中提交表单异常

时间:2012-07-30 21:35:09

标签: jsp

为什么会出错? 我该怎么办? 我将Java EE(jsdk)和classes12添加到intellij,并在tomcat的lib目录中添加了classes12。 这是DataAccessLayer。

public class DataBase {
    private Connection connection;
    private PreparedStatement statement;

    public DataBase() throws ClassNotFoundException, SQLException {
        Class.forName("oracle.jdbc.driver.OracleDriver");
        connection = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe", "SYSTEM", "1234");
    }

    public void insertOrUpdateOrDelete(String sqlQuery) throws SQLException {
        statement = connection.prepareStatement(sqlQuery);
        statement.executeUpdate();
    }

    public ResultSet select(String sqlQuery) throws SQLException {
        statement = connection.prepareStatement(sqlQuery);
        ResultSet resultSet = statement.executeQuery();
        return resultSet;
    }

    public void disconnect() throws SQLException {
        statement.close();
        connection.close();
    }
}

此类使用DataBase类。

public class Users {
 DataBase dataBase;
    public Users() throws ClassNotFoundException, SQLException {
        dataBase = new DataBase();
    }

    public void addUser(HttpServletRequest request) throws SQLException {

        String sqlQuery = "insert into users (name,family,email,tel,password) values('" + request.getParameter("name") + "','" + request.getParameter("family") + "','" + request.getParameter("email") + "','" + request.getParameter("tel") + "','" + request.getParameter("password") + "')";
        dataBase.insertOrUpdateOrDelete(sqlQuery);
        dataBase.disconnect();
    }

这是我的注册jsp页面。 我检查哪个用户点击了提交按钮并保存在数据库中。

<%
        if (request.getParameter("name") != null) {
            try {
                Users user = new Users();
                user.addUser(request);

            } catch (Exception error) {
                error.printStackTrace();

            }

        }

%>
        <form id="RegisterForm" action="Regist.jsp" method="post">
            <div>
                <div class="wrapper">
                    <div class="bg"><input type="text" class="input" name="name"/></div>
                    Name:<br/>
                </div>
                <div class="wrapper">
                    <div class="bg"><input type="text" class="input" name="family"/></div>
                    Family:<br/>
                </div>
                <div class="wrapper">
                    <div class="bg"><input type="text" class="input" name="email"/></div>
                    E-mail:<br/>
                </div>
                <div class="wrapper">
                    <div class="bg"><input type="password" class="input" name="password"/></div>
                    Password:<br/>
                </div>
                <div class="wrapper">
                    <div class="bg"><input type="text" class="input" name="tel"/></div>
                    Tel:<br/>
                </div>


                <input Class="button1" type="submit" value="SUBMIT"/>
                <input Class="button1" type="reset" value="RESET"/>

            </div>
        </form>

但我有例外

Exceptions :
java.sql.SQLException: ORA-01400: cannot insert NULL into ("SYSTEM"."USERS"."ID")

    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:124)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:304)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:271)
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:625)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:181)
    at oracle.jdbc.driver.T4CPreparedStatement.execute_for_rows(T4CPreparedStatement.java:791)
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1032)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2884)
    at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:2956)
    at airAgency.DataBase.insertOrUpdateOrDelete(DataBase.java:24)
    at airAgency.Users.addUser(Users.java:24)
    at org.apache.jsp.Regist_jsp._jspService(Regist_jsp.java:125)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:619)

1 个答案:

答案 0 :(得分:4)

错误消息解释了问题所在:

cannot insert NULL into ("SYSTEM"."USERS"."ID")

您在users表中有一个名为ID的不可为空的列,但您没有在此列中插入任何内容,因此数据库会抱怨。

此外,您的代码是以错误的方式使用预准备语句的完美示例,因此受到SQL注入攻击。您的查询应该有参数,应绑定:

insert into users (name,family,email,tel,password) values(?, ?, ?, ?, ?)

例如,如果我的名字是 O'Reilly ,那么您的查询将失败并出现语法错误。这是潜在问题中最不重要的。

阅读JDBC tutorial中准备好的陈述。