我试图将HTML表单中的记录插入MySQL数据库。我有HTML和Jquery,但我的Servlet有问题。我没有注意到它有任何直接的错误,但如果我能在正确的方向上得到一个点,我可以超越我当前的位置。感谢
package com.david.servlets;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
/**
* Servlet implementation class myForm
*/
public class myForm extends HttpServlet {
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
//Get parameters
String id = request.getParameter("ID");
String fname = request.getParameter("FirstName");
String lname = request.getParameter("LastName");
//Get Connection
try {
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("Found a driver");
Connection dbConnect = null;
try {
dbConnect = getConnection("localhost", 7001);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NamingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("Made a connection");
//Create Query
String query = "INSERT INTO test.customer (ID, FirstName, LastName) " +
"VALUES (" + id + ", " + fname + ", " + lname + ")";
PreparedStatement dbStatement = null;
try {
dbStatement = dbConnect.prepareStatement(query);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//Execute Query
try {
dbStatement.executeUpdate(query);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//close connection
try {
dbStatement.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
dbConnect.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public Connection getConnection(String server, int port)
throws SQLException, NamingException {
Context ctx = null;
Hashtable ht = new Hashtable();
ht.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
ht.put(Context.PROVIDER_URL, "t3://"+server+":"+port);
ctx = new InitialContext(ht);
DataSource ds = (javax.sql.DataSource) ctx.lookup ("localmysql");
Connection conn = ds.getConnection();
//conn.setAutoCommit( true );
return conn;
}
}
答案 0 :(得分:3)
您在fname和lname文字字段周围缺少一些单引号:
String query = "INSERT INTO test.customer (ID, FirstName, LastName) " +
"VALUES (" + id + ", '" + fname + "', '" + lname + "')";
注意:最安全的方法是使用PreparedStatement占位符而不是进行String连接。它们不仅可以防御SQL Injection攻击,还可以管理引用字符。
String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
PreparedStatement dbStatement = dbConnect.prepareStatement(query);
dbStatement.setInt(1, Integer.parseInt(id));
dbStatement.setString(2, fname);
dbStatement.setString(3, lname);
(Id字段通常是 INTEGER类型)
答案 1 :(得分:0)
对我来说很好,但是,您正在使用PreparedStatement而不是通过查询构造获得任何好处。有关解决方案,请参阅以下示例代码:
//Get Connection
try {
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("Found a driver");
Connection dbConnect = null;
try {
dbConnect = getConnection("localhost", 7001);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NamingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("Made a connection");
//Create Query
String query = "INSERT INTO test.customer (ID, FirstName, LastName) VALUES (?,?,?)";
PreparedStatement dbStatement = null;
try {
dbStatement = dbConnect.prepareStatement(query);
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// set parameters
try {
dbStatement.setString(1, ID);
dbStatement.setString(2, fname);
dbStatement.setString(3, lname);
} catch (SQLException e) {
e.printStackTrace();
}
//Execute Query
try {
if (dbStatement.executeUpdate(query) == 0) {
System.err.println("Nothing inserted");
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//close connection
try {
dbStatement.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
dbConnect.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
答案 2 :(得分:0)
除了其他人指出的缺失引号之外,我还想补充一点,你错误地使用了PreparedStatement。你是第一次准备声明
dbStatement = dbConnect.prepareStatement(query);
然后而不是执行已经准备好的查询
dbStatement.executeUpdate();
您正在不必要地创建 新 并使用
执行它dbStatement.executeUpdate(query);
这不会导致任何错误或抛出异常,但这是做JDBC的错误方法。