我想根据复选框选择从MYSQL中选择。 (复选框有ID,并且数据库中的选择应该选择ID =? - >所选ID)
我用MVC架构组织它:
是我的形式(这是动态的,所以可以有更多)
<input type="checkbox" name="checkboxes" value="1">XY
<input type="checkbox" name="checkboxes" value="2">XY
<input type="checkbox" name="checkboxes" value="3">XY
我得到了值
String[] catids = request.getParameterValues("checkboxes");
//Forward to bean -> doesnt work because catids is like an array
FrageBean f=FragenBean.getRandomQuestionByCategory(catids);
我的豆是:
public static FrageBean getRandomQuestionByCategory(String catids) {
ArrayList<Integer> alleFragenIds = new ArrayList<Integer>();
DatabaseMetaData dbmd;
Statement sql;
Connection db = null;
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException ex) {
System.out.println("driver not found");
}
try {
db = DriverManager
.getConnection("jdbc:mysql://localhost:3306/xyz?"
+ "user=root&password=xyz");
dbmd = db.getMetaData();
System.out.println("Connected with: " + dbmd.getUserName() + " | "
+ "Connection to: " + dbmd.getDatabaseProductName() + " " + dbmd.getDatabaseProductVersion() + " successful.\n");
sql = db.createStatement();
} catch (SQLException ex) {
System.out.println("Error: " + ex);
}
try {
String query = "select id from quest where quest_id=?";
PreparedStatement prest = db.prepareStatement( query);
prest.setString(1, catids);
ResultSet rs = prest.executeQuery();
ArrayList fragenliste = new ArrayList();
while (rs.next()) {
int fragenid = rs.getInt("id");
alleFragenIds.add(fragenid);
}
rs.close();
db.close();
} catch (SQLException ex) {
System.out.println("Error: " + ex);
}
Random r = new Random();
int frageIndex = r.nextInt(alleFragenIds.size());
System.out.println("Contents of al: " + alleFragenIds);
return new FrageBean(alleFragenIds.get(frageIndex));
}
目前它仅适用于一个id(因为我只有一个选择)。如何使用复选框进行操作?如何将“catids”转发给bean并创建mysql-query动态? (从fragen中选择id,其中kategorie_id = [ALL CHECKED BOXES])
提前致谢!!!!
答案 0 :(得分:2)
在您的课程中创建以下方法。放入适当的驱动程序clas和url连接,并将catid作为字符串数组传递。
假设:我假设列“quest_id”在表任务中的类型为 int 。
public void displayRecords(String[] catids)
{
try
{
String queryStart = "select id from quest where quest_id in ( ";
String queryMiddle = "";
String prefix = "";
String queryEnd = " )";
String query = "";
if (catids != null && catids.length > 0)
{
for (String id : catids)
{
queryMiddle = queryMiddle + prefix + id;
prefix = ",";
}
query = queryStart + queryMiddle + queryEnd;
System.out.println(query);
Class.forName("DriverClass....................");
Connection conn = DriverManager.getConnection("connection url ..................");
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(query);
while (rs.next())
{
int fragenid = rs.getInt("id");
System.out.println("ID = " + fragenid);
}
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
答案 1 :(得分:1)
@ RaisAlam的答案很危险,因为它容易受到SQL注入攻击。这是一个固定版本:
public void displayRecords(String[] catids) {
try {
String queryStart = "select id from quest where quest_id in ( ";
String queryMiddle = "";
String prefix = "";
String queryEnd = " )";
String query = "";
if (catids != null && catids.length > 0) {
for (String id : catids) {
queryMiddle = queryMiddle + prefix + "?";
prefix = ",";
}
query = queryStart + queryMiddle + queryEnd;
System.out.println(query);
Class.forName(....);
Connection conn = DriverManager.getConnection(....);
PreparedStatement stmt = conn.createPreparedStatement(query);
int i = 1;
for (String id : catids) {
stmt.setInt(i++, Integer.parseInt(id));
}
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
int fragenid = rs.getInt("id");
System.out.println("ID = " + fragenid);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
对每个参数使用带有占位符的PreparedStatement是避免SQL注入的“最佳实践”方法。