在动态网页上搜索数据库中的数据

时间:2017-01-01 17:33:12

标签: java mysql sql-server jsp

我的网站代码存在问题。当用户可以在jsp页面上搜索活动时,我正在编写一个网站。数据库根据其类型,城市,位置和日期包括一些活动。用户将填写此信息并按提交按钮。将打开名为search.jsp的新jsp页面。用户只能通过填写一个字段来搜索,例如只需填写类型并写入“音乐”。他也可以通过填写“音乐”和“伊斯坦布尔”以及“本周”来填写2或3或所有字段进行搜索。按下提交按钮后。数据将显示在搜索页面上。但我不能这样做。我能怎么做 ? (PS:sql中的表名是活动.Attribitues是id(int主键),type(varchar),description(varchar),city(varchar),location(varchar),date(varchar),price(varchar)。 enter image description here 的success.jsp

<%-- 
Document   : success
Created on : 19.Ara.2016, 12:41:49
Author     : BURAK NURÇİÇEK
--%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<body background="http://www.teamarking.com/barcode/bar_background.jpg"> 

<marquee><h2 style="color:RED">WELCOME TO ONLINE RESERVATION SYSTEM           </marquee></h2>

 <head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>

</head>
<form method = "get" action = "search.jsp">
<table align="right">
    <tr><td><b><font color='#D18603'>Type :</b></td><td><input type="text" name="type" /></td></tr>
    <tr><td><b><font color='#D18603'>City :</b></td><td><input type="text" name="city" /></td></tr>
    <tr><td><b><font color='#D18603'>Location :</b></td><td><input type="text" name="location" /></td></tr>
    <tr><td><b><font color='#D18603'>Date(YYYY-MM-DD) :</b></td><td><select name='search'><option value='1'>Today</option><option value='2'>Tomorrow</option><option value='3'>This Weekend</option><option value='4'>Next Weekend</option><option value='5'>This week</option><<option value='6'>Next 14 Days</option><option value='7'>Next 30 Days</option></select></b>;
    <tr><td colspan="2" align="center"><input type="submit" value="submit" /> <input type="reset" value="reset" /></td></tr></td></tr>
    <%
        String x = (String) application.getAttribute("id");
    //out.println(x);
    %>

</table>
<table>

</table>  
</form>
<table align='left'>
   <ul>
    <li><%
        out.println("<a href='music.jsp'>Music</a>");
        %>
    </li>
    <li><%
        out.println("<a href='sport.jsp'>Sport</a>");
        %></li>
    <li> <%
        out.println("<a href='stage.jsp'>Stage</a>");
        %></li>
    <li> <%
        out.println("<a href='family.jsp'>Family</a>");
        %></li>
    <li> <%
        out.println("<a href='education.jsp'>Education</a>");
        %></li>
   </ul>
   <div class="landscape">


    <script language="javascript" src="http://is.sitekodlari.com/takvim5.js"></script>
    <script language="javascript" src="http://is.sitekodlari.com/paylas17.js"></script>



    <%
        String username = (String) request.getSession().getAttribute("username");
        out.println("<br> Welcome " + username);

        out.println(
                "<br><a href='logout.jsp'>Log out</a>");

        out.println(
                "<br><a href='myreservations.jsp'>My Reservations</a>");
    %>

 </table>
 </div>
 </body>
 </html>

search.jsp的

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import ="java.sql.*" %>




<!DOCTYPE html>
<html>
<body background="http://www.teamarking.com/barcode/bar_background.jpg"> 
    <form method="post" action="reservations.jsp">

        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Book Ticket</title>
    </head>

    <center>    
        <table border="1" width="30%" height="30%">
            <th><font color='#D18603'>id</font>
            <th><font color='#D18603'>Type</font></th>
            <th><font color='#D18603'>Description</font></th>
            <th><font color='#D18603'>City</font></th>
            <th><font color='#D18603'>Location</font></th>
            <th><font color='#D18603'>Date</font></th>
            <th><font color='#D18603'>Price</font></th>
            <th><font color='#D18603'>Buy</font>





                <%
                    Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
                    Connection con = DriverManager.getConnection("jdbc:derby://localhost:1527/users", "users", "123");

                    Statement st = con.createStatement();
                    ResultSet rs;
                    /* ERROR IN PARAMETERS */           rs = st.executeQuery("select * from activities where type='"+request.getParameter(type)+"' AND city='"+request.getParameter(city)+"' AND location='"+request.getParameter(location)+"' AND date='"+request.getParameter(date)+"'");
                    while (rs.next()) {

                        out.println("<tr>");
                        out.println("<form action='reservations.jsp'>");
                        out.println("<td>" + rs.getString("id") + "<input type='hidden' name='id' value='" + rs.getString("id") + "'></td>");
                        out.println("<td>" + rs.getString("type") +"<input type='hidden' name='type' value='" + rs.getString("type") + "'></td>");
                        out.println("<td>" + rs.getString("description") + "<input type='hidden' name='description' value='" + rs.getString("description") + "'></td>");
                        out.println("<td>" + rs.getString("city") + "<input type='hidden' name='city' value='" + rs.getString("city") + "'></td>");
                        out.println("<td>" + rs.getString("location") + "<input type='hidden' name='location' value='" + rs.getString("location") + "'></td>");
                        out.println("<td>" + rs.getString("date") +"<input type='hidden' name='date' value='" + rs.getString("date") + "'></td>");
                        out.println("<td>" + rs.getString("price") + "<input type='hidden' name='price' value='" + rs.getString("price") + "'></td>");

                        out.println("<td><b><form action='reservations.jsp'><select name='buy'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option><option value='4'>4</option><option value='5'>5</option></select><input type='submit' value='Submit'></form></b>");

                        out.println("</tr>");

                    }
                    st.close();

                %>


                </center>
        </table>

        <br>  <br><a href='success.jsp'>Back</a>
        <br><br><a href='logout.jsp'>Log out</a>
  </form>
  </body>
  </html>

我给出了这个错误。因为我的sql代码错误,我无法获得此值enter image description here

2 个答案:

答案 0 :(得分:1)

您想使用字符串:

rs = st.executeQuery("select * from activities where type='"+request.getParameter("type")+"' AND city='"+request.getParameter("city")+"' AND location='"+request.getParameter("location")+"' AND date='"+request.getParameter("date")+"'");

另外,养成使用PreparedStatement的习惯(其中一个原因是删除SQL注入漏洞),你可以这样定义:

PreparedStatement ps = con.prepareStatement("select * from activities where type=? AND city=? AND location=? AND date=?");

ps.setString(1, request.getParameter("type"));
ps.setString(2, request.getParameter("city"));
ps.setString(3, request.getParameter("location"));
ps.setString(4, request.getParameter("date"));

rs = ps.executeQuery();

最后,不推荐使用JSP中的Java代码。您应该尝试将项目建模为MVC格式。

答案 1 :(得分:0)

错误似乎是JSP页面本身没有编译。你有没有想过你写的代码出了什么问题。

错误说,无法识别变量类型,城市,位置。建议你检查对象HttpServletRequest的 getParameter 方法作为参数。

其次,最佳实践是将数据库查询移动到Java类中,而不是将其放在JSP页面本身中。