I am trying to run a simple servlet program (in eclipse10.0, oracle10g, tomcat6.0) that retrieves data from a table. But I cannot get it to work; I have checked my code against many forums, but I still get the same error. Plz help me. My code is:
entermail.html
<body>
  <form action="getdata">
    <p> Plz enter Your name ID Below to get your Details</p>
    <input type="text" name="uname" >
    <input type="submit" value="G@">
  </form>
</body>
web.xml
  <servlet>
    <servlet-name>MyServletdb</servlet-name>
    <servlet-class>com.myservlets.demo.Servletdb</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>MyServletdb</servlet-name>
    <url-pattern>/getdata</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>enteremail.html</welcome-file>
  </welcome-file-list>
</web-app>
Servletdb.java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Servletdb extends HttpServlet {
    private static final long serialVersionUID = 1L;
    // One connection and statement shared by every request (see the answer below)
    Connection con;
    Statement st;
    ResultSet rs;
    PrintWriter out;
    String s1 = "jdbc:oracle:thin:@localhost:1521:XE", name;
    String s2 = "system";
    String s3 = "orclpass";

    public void init(ServletConfig sc) throws ServletException {
        // DB connection code
        try {
            Class.forName("oracle.jdbc.driver.OracleDriver");
            con = DriverManager.getConnection(s1, s2, s3);
            st = con.createStatement();
            super.init(sc);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            response.setContentType("text/html");
            out = response.getWriter();
            name = request.getParameter("uname");
            // The line the question is about: the parameter is concatenated straight into the SQL
            rs = st.executeQuery("select *from details where FIRSTNAME=" + name + "");
            out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
            out.println("<HTML>");
            out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
            out.println(" <BODY>");
            while (rs.next()) {
                out.println(rs.getString(1) + " " + rs.getString(2) + " " + rs.getString(3) + " " + rs.getString(4));
            }
            out.println(" </BODY>");
            out.println("</HTML>");
            out.flush();
            out.close();
            rs.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void destroy() {
        super.destroy(); // Just puts "destroy" string in log
        try {
            st.close();
            con.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Finally, the table I have in the orcl DB is:
details: FIRSTNAME LASTNAME ADDRESS EMAILID
Error: INFO: Server startup in 1080 ms java.sql.SQLException: ORA-00904: "USHA": invalid identifier
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:331)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:288)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:743)
at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:207)
at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:790)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1038)
at oracle.jdbc.driver.T4CStatement.executeMaybeDescribe(T4CStatement.java:830)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1133)
at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1273)
at com.myservlets.demo.Servletdb.doGet(Servletdb.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
Answer 0 (score: 2)
This is the problem:
// BROKEN (will give query such as "select * from details where FIRSTNAME=Jon"
rs=st.executeQuery("select *from details where FIRSTNAME="+name+"");
I suspect you meant to add single quotes around the value of name, so that the where clause looks like where FIRSTNAME='Jon':
// WARNING: DO NOT USE (keep reading) even though it works in simple cases
rs = st.executeQuery("select *from details where FIRSTNAME='" + name + "'");
... but that is still not a good way to solve the problem, because it is vulnerable to SQL injection attacks. Instead, you should use prepared statements: open the connection, then use:
PreparedStatement query =
    conn.prepareStatement("select * from details where FIRSTNAME=?");
query.setString(1, name);
ResultSet results = query.executeQuery();
...
Note that I would open the connection separately on each request, and close it when done (using a try-with-resources statement), using a connection pool for efficiency. That is cleaner than trying to share a single connection safely between multiple threads.
For more details on using prepared statements, see the JDBC tutorial on PreparedStatement.
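The answer's three recommendations (a bind variable instead of string concatenation, one pooled connection per request, and try-with-resources to close everything) put together in a complete servlet. This is an added example, not the questioner's code or the answer author's; it assumes a container-managed pool registered in Tomcat's JNDI under the hypothetical name jdbc/detailsDb (declared in META-INF/context.xml) and Java 7 or later for try-with-resources. The HTML escaping and the generic 500 response are additional hardening that the thread does not discuss.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

// Added example: hardened replacement for the questioner's Servletdb.
// Assumes a JNDI DataSource named "jdbc/detailsDb" (hypothetical) in Tomcat.
public class SafeServletdb extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // The "?" is a bind variable: the user's input is sent to Oracle as data,
    // never parsed as SQL, so O'Brien or ' OR '1'='1 is just a literal value.
    private static final String QUERY =
        "select FIRSTNAME, LASTNAME, ADDRESS, EMAILID from details where FIRSTNAME = ?";

    private DataSource pool;

    @Override
    public void init() throws ServletException {
        try {
            // Container-managed pool; no Connection/Statement fields shared across threads.
            pool = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/detailsDb");
        } catch (NamingException e) {
            throw new ServletException("JNDI DataSource jdbc/detailsDb not found", e);
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String name = request.getParameter("uname");
        if (name == null || name.trim().isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "uname is required");
            return;
        }

        List<String[]> rows;
        try {
            rows = lookupByFirstName(name.trim());
        } catch (SQLException e) {
            // Log server-side only; driver messages (ORA-xxxxx, SQL text) stay out of the response.
            log("query failed for uname=" + name, e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE html><html><head><title>A Servlet</title></head><body>");
        for (String[] row : rows) {
            out.println("<p>" + escapeHtml(row[0]) + " " + escapeHtml(row[1]) + " "
                + escapeHtml(row[2]) + " " + escapeHtml(row[3]) + "</p>");
        }
        out.println("</body></html>");
    }

    // One connection per request, borrowed from the pool and returned when the block ends.
    private List<String[]> lookupByFirstName(String firstName) throws SQLException {
        List<String[]> rows = new ArrayList<String[]>();
        try (Connection con = pool.getConnection();
             PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, firstName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] {
                        rs.getString("FIRSTNAME"), rs.getString("LASTNAME"),
                        rs.getString("ADDRESS"), rs.getString("EMAILID") });
                }
            }
        }
        return rows;
    }

    // Minimal HTML escaping so column values cannot inject markup into the page.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Because the query runs before anything is written to the response, a failure can still be turned into a clean sendError; the original servlet printed the HTML header first, so a later error could not change the status. Submitting a name such as O'Brien now returns that row (or none) instead of an ORA-00904 or ORA-01756 error from the concatenated string.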