在jsp中
<%-- Results table: a fixed header row, then cells filled from the resultList attribute by c:forEach.
     NOTE(review): EL written directly in template text is emitted without HTML escaping. If any of
     these fields can hold user-supplied text, render them with <c:out value="..."/> or
     fn:escapeXml(...) so stored markup cannot execute in the viewer's browser. --%>
<table width="100%" id='table1' border="0" cellspacing="2" cellpadding="2">
<tr class="tab-highlighted-2">
<td class="tab-highlighted-2" width="10%">
<div align="left">Project ID</div>
</td>
<td class="tab-highlighted-2" width="10%">
<div align="left">Project Name</div>
</td>
<td class="tab-highlighted-2" width="20%">
<div align="left">Cost Center</div>
</td>
<td class="tab-highlighted-2" width="20%">
<div align="left">Manager</div>
</td>
</tr>
<%-- NOTE(review): this row opens outside the loop, but its closing tag sits inside the loop body. --%>
<tr class="bg-row1">
<%-- NOTE(review): var reuses the name given in items, so the loop variable hides the list itself. --%>
<c:forEach items="${resultList}" var="resultList">
<td class="td-highlighted-2">
<div align="left"><a href="UpdateProject.html">${resultList.Projid}</a></div>
</td>
<td class="td-highlighted-2">
<div align="left">${resultList.Projname}</div>
</td>
<td class="td-highlighted-2">
<div align="left">${resultList.Cost}</div>
</td>
<td class="td-highlighted-2">
<div align="left">${resultList.Manager}</div>
</td>
</tr>
<%-- NOTE(review): the c:forEach opened above is never closed before the table ends. --%>
</table>
在dao
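/**
 * Data-access object that searches project rows in {@code CR_EMPLOYEE_DETAILS}.
 *
 * <p>Search values are bound as {@code PreparedStatement} parameters and are never
 * concatenated into the SQL text, so a search value cannot change the structure of
 * the query. All JDBC resources are closed before the method returns.
 */
public final class SearchProjDAO
{
    private static InitialContext context;
    String CLASS_NAME="DBConnectionFactory";

    /**
     * Returns the projects that match every non-null criterion of the given search object.
     *
     * <p>Each non-null criterion (project id, project name, cost, manager) becomes one
     * {@code COLUMN = ?} condition; the conditions are joined with {@code and}. When no
     * criterion is set, all rows are returned.
     *
     * @param searchprojVO the search criteria; a null criterion is skipped
     * @return a list of {@code SearchProjVO}, one per matching row; the list is empty
     *         (or partially filled) when a failure occurs, because failures are printed
     *         to {@code System.err} and not rethrown
     */
    public ArrayList submitProjectDetails(SearchProjVO searchprojVO)
    {
        ArrayList<SearchProjVO> projects = new ArrayList<>();
        try {
            // Collect "COLUMN = ?" fragments and their values in matching order.
            ArrayList<String> conditions = new ArrayList<>();
            ArrayList<Object> values = new ArrayList<>();
            if (searchprojVO.getProjid() != null) {
                conditions.add("PROJ_ID = ?");
                values.add(searchprojVO.getProjid());
            }
            if (searchprojVO.getProjname() != null) {
                conditions.add("PROJ_NAME = ?");
                values.add(searchprojVO.getProjname());
            }
            if (searchprojVO.getCost() != null) {
                conditions.add("PROJ_COST = ?");
                values.add(searchprojVO.getCost());
            }
            if (searchprojVO.getManager() != null) {
                conditions.add("PROJ_MANAGER = ?");
                values.add(searchprojVO.getManager());
            }

            // Only fixed text goes into the SQL string; user-supplied values stay out of it.
            StringBuilder query = new StringBuilder("select * from CR_EMPLOYEE_DETAILS");
            for (int i = 0; i < conditions.size(); i++) {
                query.append(i == 0 ? " where " : " and ").append(conditions.get(i));
            }

            // try-with-resources closes the result set, statement and connection on every path.
            try (Connection conn = DBConnection.getJNDIConnection();
                 PreparedStatement psmt = conn.prepareStatement(query.toString())) {
                for (int i = 0; i < values.size(); i++) {
                    // NOTE(review): the getter types are not visible here; setObject lets the
                    // driver choose the SQL type. Switch to setString/setInt once they are known.
                    psmt.setObject(i + 1, values.get(i));
                }
                try (ResultSet rs = psmt.executeQuery()) {
                    while (rs.next()) {
                        SearchProjVO projVO = new SearchProjVO();
                        projVO.setProjid(rs.getString("PROJ_ID"));
                        projVO.setProjname(rs.getString("PROJ_NAME"));
                        projVO.setManager(rs.getString("PROJ_MANAGER"));
                        // NOTE(review): PROJ_COST is not copied into the VO. The cost setter of
                        // SearchProjVO is not visible in this listing; map the column through it.
                        projects.add(projVO);
                    }
                }
            }
        } catch (Exception e) {
            // Best-effort lookup: report the failure and return what was collected.
            e.printStackTrace(System.err);
        }
        return projects;
    }
}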
答案 0 :(得分:6)
我发现了几个错误:
下面,
<c:forEach items="${resultList}" var="resultList">
您每次迭代都在用当前列表项覆盖列表本身(var与items同名)。不要那样做。请为var指定一个不重复的变量名,实体名称是最直接的选择。
<c:forEach items="${resultList}" var="project">
请注意,我个人还会把意义不明的resultList重命名为更能说明含义的projects。
在这里,
<tr class="bg-row1">
<c:forEach items="${resultList}" var="project">
流程是错误的。您应该在每次循环内部输出一个新行。把这两行交换一下。
<c:forEach items="${resultList}" var="project">
<tr class="bg-row1">
在这里,
${resultList.Projid}
${resultList.Projname}
${resultList.Cost}
${resultList.Manager}
属性名称必须以小写字母开头(并把引用的变量名改成与var中声明的一致)。
${project.projid}
${project.projname}
${project.cost}
${project.manager}
请注意,我个人还会去掉某些属性名称中的proj前缀。
最后,您忘了写结束标签</c:forEach>。
</tr>
</c:forEach>
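与具体问题无关:您的JDBC代码容易受到SQL注入攻击,并且存在资源泄漏,请修复。应使用PreparedStatement的?占位符绑定查询参数,而不是把值拼接进SQL字符串;并用try-with-resources(或finally块)关闭Connection、PreparedStatement和ResultSet。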