MYSQL Delete语句不能与Java Servlet一起使用

时间:2015-04-28 15:08:30

标签: java mysql servlets jdbc

我有一个允许用户输入单词的网页,当提交该单词时,它将从mysql数据库中删除。然而问题是该声明没有被执行。

我的表格:

<form id="rem1" action="removeGER" method="GET">
        <input type="text" name="wordToRemoveGER" placeholder="Entry (GER)">
        <input type="submit" id="removeBtnGER" value="Remove Entry">
 </form>

我的servlet:

@WebServlet(name = "removeGER", urlPatterns = {"/removeGER"})
public class removeGER extends HttpServlet {

/**
 * Handles the HTTP <code>POST</code> method.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    String wordGER = request.getParameter("wordToRemoveGER");
    PrintWriter out = response.getWriter();

    out.println("<!DOCTYPE html>");
    out.println("<html>");
    out.println("<head>");
    out.println("<title>Remove Word</title>");
    out.println("</head>");
    out.println("<body>");
    Connection conn = null;

    try {
        // Database Checking Area
        SimpleDataSource.init("/database.properties");
    } catch (ClassNotFoundException ex) {
        Logger.getLogger(Register.class.getName()).log(Level.SEVERE, null, ex);
    }
    try {
        conn = SimpleDataSource.getConnection();
        Statement stat = conn.createStatement();
        //ResultSet result = 
        stat.executeQuery(" DELETE FROM `word` WHERE `word` = \""+wordGER+"\"");
        out.println("<h2>You have successfully removed the word " + wordGER + "!</h2>");
    } catch (SQLException ex) {
        Logger.getLogger(removeID.class.getName()).log(Level.SEVERE, null, ex);
    }
    out.println("</body>");
    out.println("</html>");
}

}

我知道正确地从表单中检索String,我知道正在执行try块。问题似乎与mysql语句本身有关。

2 个答案:

答案 0 :(得分:4)

您有以下问题:

  1. 您正在执行多个语句,可能您的连接不允许它。
  2. 执行多个语句时,应使用Statement#execute,而不是Statement#executeUpdate
  3. 如果您需要将参数传递给查询,请不要将其直接附加到您的sql中,这是SQL Injection攻击的原因。请改用PreparedStatement
  4. 为此,请确保您的连接允许通过将此参数添加到您的连接网址来执行多个语句:allowMultiQueries=true

    连接URL的外观示例:

    jdbc:mysql://<server>:<port>/<database>?allowMultiQueries=true
    

    如果您使用PreparedStatement

    ,代码的外观如何
    conn = SimpleDataSource.getConnection();
    String sql = "SET SQL_SAFE_UPDATES = 0; DELETE FROM `word` WHERE `word` = ?";
    PreparedStatement stat = conn.prepareStatement(sql);
    stat.setString(1, wordGER);
    stat.execute();
    

    既然您使用了一个删除语句,那么您只需要使用PreparedStatement#executeUpdate而不是executeQuery

答案 1 :(得分:-2)

使用

internal static List<Inconsistence> FilterList(DateTime? StartDate, DateTime? EnDate, decimal? State, decimal? Type)
{
    using (Model m = new Model())
    {
        return m.DBContext
                .InconsistencyDebtors
                .Join(m.DBContext.Inconsistencies,
                      u => u.InconsistencyId, 
                      uir => uir.InconsistencyId,
                      (u, uir) => new { u, uir })
                .Join(m.DBContext.InconsistencyDebtorDocuments,
                      r => r.uir.InconsistencyId, 
                      ro => ro.InconsistencyId, 
                      (r, ro) => new { r, ro })
                .Where(g => 
                       g.r.uir.InconsistencyStateId == State &&
                       g.r.uir.InconsistencyTypeId == Type  && 
                       g.r.uir.InsDate >= StartDate && 
                       EnDate >= g.r.uir.InsDate)
                .Select(g => new Inconsistence()
                   {
                       ParticipantCode = g.r.u.ParticipantCode,
                       DebtorId = g.ro.DebtorId,
                       InconsistencyTypeId = g.r.uir.InconsistencyTypeId,
                       InconsistencyStateId = g.r.uir.InconsistencyStateId,
                       DateInconsistence = g.r.uir.InsDate
                   })
                .ToList();
    }
}

而不是

$('table:lt(2) .collection-row td:gt(1):lt(5) input')

您还应该确保关闭语句,并在完成语句后关闭