我创建了一种在数据库上运行选择查询的方法,如果数据库中已经存在电子邮件,则返回布尔值true;如果电子邮件中不存在则返回布尔值false。问题是无论电子邮件是否存在,它都会返回true。
这是我的Servlet
@WebServlet(name = "EmailListServlet")
public class EmailListServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String url = "/index.html";
String action = request.getParameter("action");
if (action ==null){
action = "join";
}
if (action.equals("join")){
url = "/index.html";
} else if (action.equals("add")){
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String email = request.getParameter("email");
User user = new User(firstName,lastName,email);
UserDB.doesEmailExist(user);
if (false) {
UserDB.insert(user);
System.out.println(user.getEmail() + " has joined.");
} else {
//input an alert here
System.out.println("email already taken");
}
url = "/index.html";
} else if (action.equals("delete")){
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String email = request.getParameter("email");
User user = new User(firstName,lastName,email);
UserDB.delete(user);
url = "/index.html";
} else if (action.equals("select")){
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String email = request.getParameter("email");
User u1 = new User(firstName,lastName,email);
UserDB.selectUsers(u1);
ArrayList<User> users = UserDB.selectUsers(u1);
request.setAttribute("users",users);
url= "/update.jsp";
} else if (action.equals("update")){
String firstName = request.getParameter("firstName");
String lastName = request.getParameter("lastName");
String email = request.getParameter("email");
String id = request.getParameter("id");
User user = new User(firstName,lastName,email, id);
UserDB.update(user);
url = "/update.jsp";
}
getServletContext().getRequestDispatcher(url).forward(request,response);
}
这里是具有选择语句和验证方法的数据库类
public class UserDB {
public static int insert(User user) {
Connection conn;
PreparedStatement ps = null; //Prepared statement is a way to protect from code injection
String insertQuery = "insert into email_user(email_user_firstname, email_user_lastname, email_user_email) " +
"values (?,?,?)";
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/email_list", "root", "mysql");
ps = conn.prepareStatement(insertQuery);
ps.setString(1, user.getFirstName());
ps.setString(2, user.getLastName());
ps.setString(3, user.getEmail());
return ps.executeUpdate();
} catch (SQLException e) {
e.printStackTrace();
return 0;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return 0;
} finally {
DBUtil.closePreparedStatement(ps);
}
}
public static int delete(User user){
Connection conn;
PreparedStatement ps = null; //Prepared statement is a way to protect from code injection
String deleteQuery = "delete from email_user where email_user_email = ?";
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/email_list", "root", "mysql");
ps = conn.prepareStatement(deleteQuery);
ps.setString(1, user.getEmail());
return ps.executeUpdate();
} catch (SQLException e) {
e.printStackTrace();
return 0;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return 0;
} finally {
DBUtil.closePreparedStatement(ps);
}
}
public static ArrayList<User> selectUsers(User u1) {
Connection conn;
PreparedStatement ps = null;
String selectAll = "select * from email_user";
ResultSet rs = null;
ArrayList<User> users = new ArrayList();
{
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/email_list", "root", "mysql");
ps = conn.prepareStatement(selectAll);
//User u1 = new User();
//ps.setString(1, u1.getEmail());
String queryEmail = u1.getEmail();
//System.out.println("Your email is " + queryEmail);
rs = ps.executeQuery();
while (rs.next()){
User user = new User();
user.setFirstName(rs.getString("email_user_firstname"));
user.setLastName(rs.getString("email_user_lastname"));
user.setEmail(rs.getString("email_user_email"));
user.setId(rs.getString(1));
users.add(user);
}
ArrayList<User> singleUser = new ArrayList<>();
for (int i = 0; i < users.size(); i++){
if (queryEmail.equals(users.get(i).getEmail())){
singleUser.add(users.get(i));
System.out.println(queryEmail + " : They matched");
}
}
return singleUser;
} catch (SQLException | ClassNotFoundException e) {
e.printStackTrace();
return null;
}finally {
DBUtil.closePreparedStatement(ps);
}
}
}
public static int update(User user){
Connection conn;
PreparedStatement ps = null; //Prepared statement is a way to protect from code injection
String updateQuery = "update email_user set email_user_firstname = ?, email_user_lastname = ?, email_user_email = ? where idemail_user = ?";
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/email_list", "root", "mysql");
ps = conn.prepareStatement(updateQuery);
ps.setString(1, user.getFirstName());
ps.setString(2, user.getLastName());
ps.setString(3, user.getEmail());
ps.setString(4, user.getId());
return ps.executeUpdate();
} catch (SQLException e) {
e.printStackTrace();
return 0;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return 0;
} finally {
DBUtil.closePreparedStatement(ps);
}
}
public static boolean doesEmailExist(User user){
Connection conn;
PreparedStatement ps = null; //Prepared statement is a way to protect from code injection
String selectQuery = "select email_user_email from email_user where email_user_email = ?";
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/email_list", "root", "mysql");
ps = conn.prepareStatement(selectQuery);
ps.setString(1, user.getEmail());
return ps.execute();
} catch (SQLException e) {
e.printStackTrace();
return false;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return false;
} finally {
DBUtil.closePreparedStatement(ps);
}
}
}
答案 0 :(得分:4)
您已经硬编码了错误条件:
UserDB.doesEmailExist(user);
if (false) {
UserDB.insert(user);
System.out.println(user.getEmail() + " has joined.");
} else {
//input an alert here
System.out.println("email already taken");
}
我会用
if (UserDB.doesEmailExist(user)) {
UserDB.insert(user);
System.out.println(user.getEmail() + " has joined.");
} else {
//input an alert here
System.out.println("email already taken");
}
答案 1 :(得分:0)
在这里,“如果”不检查电子邮件是否已经存在。
UserDB.doesEmailExist(user);
if (false) {
UserDB.insert(user);
System.out.println(user.getEmail() + " has joined.");
} else {
//input an alert here
System.out.println("email already taken");
}
将UserDB.doesEmailExist(user)放入if中。