如何在servlet中发送下拉列表项的值

时间:2014-07-18 17:03:11

标签: java jsp java-ee servlets

我想从数据库到网页显示各种类型(数学,物理,化学)的书籍细节。 当我从下拉列表中选择特定项目时,其相应的书籍将显示在网页中。 我的 jsp 页面如下所示:

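<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
<%--
  Book-type chooser. Submits the selected <option> value as the request
  parameter "book" to the servlet mapped at "Controller".
  The java.sql.* import is not used by anything on this page.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
</head>

<body>
    <center>
        <h1>Science Book</h1><br /><br />
        <hr color="#CC9999" size="5px" /><br /><br />

        <%--
          No method attribute, so the browser submits with GET and the
          selection travels in the query string as book=<value>.
          The option list only limits what this page offers; the servlet still
          has to treat the received "book" value as arbitrary client input.
        --%>
        <form action="Controller">
            <select name="book">
                <option value="Math">Math</option>
                <option value="Phy">Physics</option>
                <option value="Chem">Chemistry</option>
            </select>
            <input type="submit" value="Submit"/>
        </form>
    </center>
</body>
</html>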

这里Controller是servlet名称。 我的 servlet 如下所示:

package com.sayan.myservlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet that queries the {@code book} table and writes the matching rows
 * to the response as an HTML table.
 *
 * <p>Review notes on the code as posted:
 * <ul>
 *   <li>{@code booktype} is never read from the request, so the query text
 *       always ends in {@code type=null}.</li>
 *   <li>The SQL statement is built by string concatenation. Once
 *       {@code booktype} is taken from the request, the request would be able
 *       to change the query text; bind the value through a
 *       {@code PreparedStatement} parameter instead.</li>
 *   <li>The JDBC URL, user name and password are hard-coded in the source.</li>
 *   <li>Only the connection is closed; the statement and result set are not.</li>
 *   <li>Column values are written into the HTML without escaping.</li>
 * </ul>
 */
public class Controller extends HttpServlet
{
private static final long serialVersionUID = 1L;

/** Creates the servlet; only delegates to the {@code HttpServlet} constructor. */
public Controller()
{
    super();

}


/** Handles GET requests by delegating to {@link #doProcess}. */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws 
               ServletException, IOException 
{
    doProcess(request,response);
}


/** Handles POST requests by delegating to {@link #doProcess}. */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws 
               ServletException, IOException
{
    doProcess(request,response);
}


/**
 * Runs the book query and prints the result rows as an HTML table.
 *
 * @param request  the incoming request; not read anywhere in this method as posted
 * @param response the response whose writer receives the HTML
 * @throws ServletException declared, but nothing in the body throws it
 * @throws IOException if the response writer cannot be obtained
 */
protected void doProcess(HttpServletRequest request, HttpServletResponse response) 
               throws ServletException, IOException
{
    // Meant to hold the selected drop-down value; it stays null because nothing assigns it.
    String booktype=null;
    PrintWriter out = response.getWriter();

    // NOTE(review): connection settings, including the database password, are
    // embedded in the source; they would normally come from configuration or a
    // container-managed DataSource.
    String drivername = "oracle.jdbc.OracleDriver";
    String url = "jdbc:oracle:thin:@172.16.0.30:1521:orcl";
    String username = "scott";
    String password = "tiger";

    Connection con = null;
    Statement st = null;
    ResultSet rs = null;

    try{
        Class.forName(drivername);
        con = DriverManager.getConnection(url,username,password);
        st = con.createStatement();

        // NOTE(review): the value is concatenated into the SQL text, unquoted.
        // With a request-supplied booktype this makes the query text depend on
        // client input (SQL injection); use a "type=?" placeholder with a
        // PreparedStatement instead.
        // The literal below spans two lines as shown, which Java does not
        // accept; presumably a line wrap introduced when the code was posted.
        String sql = "select name,author,publisher,price from book where 
                      type="+booktype;
        // Debug output of the final query text to the server console.
        System.out.println(sql);
        rs = st.executeQuery(sql);
        out.println("<html><body><table border=5>");
        out.println("<tr><th>name</th>");
        out.println("<th>author</th>");
        out.println("<th>publisher</th>");
        // The header row is closed here and a single data row is opened before
        // the loop, so every book's cells end up in that one row.
        out.println("<th>price</th></tr><tr>");
        while(rs.next()){
            String name = rs.getString("name");
            String author = rs.getString("author");
            String publisher = rs.getString("publisher");
            String price = rs.getString("price");

            // NOTE(review): database values are written into the markup as-is;
            // HTML-escape them before output.
            out.println("<td>" + name + "</td>");
            out.println("<td>" + author + "</td>");
            out.println("<td>" + publisher + "</td>");
            out.println("<td>" + price + "</td>");
        }
        // The closing tag is written as "</html" without the final '>'.
        out.println("</tr></table></body></html");
    }catch(ClassNotFoundException cnfe){
        // Failures are only printed to the console; the client gets whatever
        // was written to the response so far.
        System.out.println("Exception caught : " + cnfe);
    }catch(SQLException se){
        System.out.println("Exception caught : " + se);
    }finally{
        try{
            // con is still null if loading the driver or getConnection failed,
            // in which case this call throws NullPointerException.
            // st and rs are never closed.
            con.close();
        }catch(SQLException se1){
            System.out.println("Exception caught : " + se1);
        }
    }


}

}

我想把下拉列表中选中项的值赋给 booktype 字符串。可以做到吗?如果可以,请说明做法。

1 个答案:

答案 0 :(得分:0)

如果我理解你的问题,那么

// "book" is the name attribute of the <select> in the JSP form.
// getParameter returns null when the parameter is absent, and the value is
// client-supplied: it is not limited to the options the page offers.
String booktype=request.getParameter("book");

此外,您应该使用PreparedStatement,因为您发布的代码容易受到SQL注入攻击。最后,请关闭Statement、ResultSet以及Connection,否则可能会泄漏数据库游标。

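// Replacement for the JDBC part of doProcess. Uses url, username, password,
// out and booktype from the enclosing method, and needs
// `import java.sql.PreparedStatement;` next to the servlet's other java.sql imports.
String sql = "select name,author,publisher,price from book where "
    + "type=?";
String[] columns = {"name", "author", "publisher", "price"};

// Class.forName(drivername) is not needed since JDBC Version 4
// http://stackoverflow.com/a/8053125/2970947
// (so there is no ClassNotFoundException to catch any more).
//
// try-with-resources closes the ResultSet, the PreparedStatement and the
// Connection in that order, and copes with a resource that was never opened,
// where calling close() on a null reference in a finally block would throw.
try (Connection con = DriverManager.getConnection(url, username, password);
    PreparedStatement st = con.prepareStatement(sql)) {
  // The request value is bound as a parameter, never concatenated into the SQL
  // text. A null booktype (parameter missing) simply matches no rows.
  st.setString(1, booktype);

  try (ResultSet rs = st.executeQuery()) {
    out.println("<html><body><table border=5>");
    out.println("<tr><th>name</th>");
    out.println("<th>author</th>");
    out.println("<th>publisher</th>");
    out.println("<th>price</th></tr>");
    while (rs.next()) {
      // One table row per book.
      out.println("<tr>");
      for (String column : columns) {
        // HTML-escape database values before writing them into the markup.
        String cell = String.valueOf(rs.getString(column))
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;");
        out.println("<td>" + cell + "</td>");
      }
      out.println("</tr>");
    }
    out.println("</table></body></html>");
  }
} catch (SQLException se) {
  // Also receives failures raised while closing the resources above.
  System.out.println("Exception caught : " + se);
}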