我在阅读/显示用户信息时遇到了另一个问题。一旦INSERT完成,我有另一个提交按钮,应该向用户显示他的信息(注册)。我是否正朝着正确的方向前进?
<%@page import="java.sql.*, java.util.*, javax.servlet.*, java.io.*, javax.servlet.http.*, business.*"%>
<%
Connection conn = null;
try {
String email=request.getParameter("emailAddress");
String dbURL = "jdbc:mysql://localhost:3306/Users";
String user = "root";
String pwd = "password";
String driver = "com.mysql.jdbc.Driver";
String query = ("SELECT * FROM User WHERE EmailAddress = '" +email+ "'");
Class.forName(driver);
conn = DriverManager.getConnection(dbURL, user, pwd);
Statement statement = conn.createStatement();
ResultSet rs = statement.executeQuery(query);
User userObj;
ArrayList<User> users = new ArrayList<User>();
statement.close();
while(rs.next())
{
userObj = new User(rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5), rs.getString(6));
users.add(userObj);
}
Iterator it = users.iterator();
User tempUser;
while(it.hasNext())
{
tempUser = (User) it.next();
%>
Username: <%= tempUser.getUserName() %><br>
Password: <%= tempUser.getUserPass() %><br>
First Name: <%= tempUser.getFirstName() %><br>
Last Name: <%= tempUser.getLastName() %><br>
Email: <%= tempUser.getEmailAddress() %><br>
<%
}
} catch( ClassNotFoundException e ){
System.err.println( "Database Driver class not Found!" );
e.printStackTrace();
} catch( SQLException e ){
e.printStackTrace();
} finally {
try {
if ( conn != null ) {
conn.close();
}
} catch ( SQLException e ) {
System.err.println( "Problems when closing connection" );
e.printStackTrace();
}
}
%>
答案 0 :(得分:0)
您也必须关闭ResultSet。您可以使用PreparedStatement而不是Statement来避免SQL注入。
答案 1 :(得分:0)
在jsp页面中编写java代码并不是一种好习惯。将JDBC代码放到java bean中。以下是来自oracle(前太阳)的JavaBeans components in jsp pages的解释。