尝试在表中显示数据库的全部内容时出现JSP错误

时间:2012-11-14 23:53:13

标签: java jsp jdbc

基本上我正在尝试遍历我的数据库并显示其中的所有信息。我理解这个概念但是我的实现显然是错误的,因为Tomcat一直给我以下错误:

Root cause:

javax.servlet.ServletException: Operation not allowed after ResultSet closed

非常感谢任何帮助。我知道问题在于我的while循环,但我的知识有限,我无法发现我需要做的更改。请随时更改代码。

    
<%@ page import="java.sql.*" %>

<%
String connectionURL = "jdbc:mysql://addr.to.db:3306/dbname";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;
%>

<html>

<head>
<title>JSP Server Response</title>
</head>

<body>
<h1>JSP Server Response:</h1>

<!--Get information from HTML form for manipulation-->

<%
    String songName = request.getParameter("newSongName");
String artistName = request.getParameter("newArtistName");
String password = request.getParameter("pass");
String radioResults = request.getParameter("dbIO");
%>

<%

Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "userName", "password");
statement = connection.createStatement();
String query = "SELECT * FROM song_info;";
rs = statement.executeQuery(query);

//Add or Delete Information from DB

if(radioResults.equalsIgnoreCase("insert"))
{
    statement.executeUpdate("INSERT INTO song_info (songTitle, artistName) VALUES                     ('"+artistName+"','"+songName+"')");
}
else if(radioResults.equalsIgnoreCase("delete"))
{
statement.executeUpdate("DELETE FROM song_info WHERE artistName='"+songName+"'");
}
%>

<table>
<tr>
<th>Song Name</th><th>Artist Name</th>
</tr>

<% while(rs.next()){ %>
<tr>
<td align=center> <%= rs.getString("songTitle")%></td>
<td align=center> <%= rs.getString("artistName")%></td>
</tr>
<%}%>
</table>

<%
rs.close();
statement.close();
connection.close();
%>

Information Submitted to Server:

Artist Name: <%=songName%> <br />
Song Name: <%=artistName%> <br />
Password: <%=password%><br />
Radio Button Selection: <%=radioResults%><br /><br />

Password Correct: 

</body>

</html>

2 个答案:

答案 0 :(得分:0)

管理提出一个临时解决方案,将数据库的所有行连接成一个长字符串,然后将字符串显示到浏览器:

<%

Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "userName", "dbPass");
statement = connection.createStatement();
String query = "SELECT songTitle, artistName FROM song_info";
rs = statement.executeQuery(query);

String db_contentsORIGINAL = "";

while (rs.next()) {
    String artName = rs.getString("artistName");
    String sName = rs.getString("songTitle");

    String db_entry = "<b>Artist:</b> " + artName + " | " + "<b>Song Title:         </b>" + sName + "<br />";

        db_contentsORIGINAL += db_entry;
}

//Add or Delete Information from DB

if(radioResults.equalsIgnoreCase("insert"))
{
statement.executeUpdate("INSERT INTO song_info (songTitle, artistName) VALUES         ('"+artistName+"','"+songName+"')");
}
else if(radioResults.equalsIgnoreCase("delete"))
{
statement.executeUpdate("DELETE FROM song_info WHERE artistName='"+songName+"'");
}

%>

答案 1 :(得分:0)

问题是您使用相同的Statement对象来执行多个查询。如果您重复使用Statement,那么之前执行的任何资源(如ResultSet)都将关闭。

解决方案是重新排序查询(就像您在自己的答案中所做的那样),或者为查询和更新使用单独的Statement个对象。

此外,您当前的代码会向您公开SQL注入。请将PreparedStatement与参数化查询一起使用。这将保护您免受大多数(如果不是全部)SQL注入攻击。

相关问题
最新问题