我无法管理我应用的这一部分。我必须从jsp页面中删除mysql数据库中的一些记录(从DB正确加载),选中复选框并单击“提交”按钮。 即使正确显示数据,也不会从DB中删除任何内容 这是代码:
这是班级
/* ArticoliManager.java */
public class ArticoliManager {
public void cancellaArticolo(String chboxArticoliDaCancellare[]) throws SQLException{
Connection con = DBConnectionPool.getConnection();
PreparedStatement ps = null;
try {
for(String deleteThem:chboxArticoliDaCancellare){
String query = "DELETE * FROM articoli WHERE id='"+deleteThem+"'";
ps = con.prepareStatement(query);
ps.executeUpdate();
con.commit();
}
}
finally {
if (ps != null) {
try {
ps.close();
}
catch (SQLException ignored) {
}
}
try {
con.close();
}
catch (SQLException ignored) {
}
}
}
}
这是servlet
/* CancellaArticolo.java
*/
public class CancellaArticoloServlet extends HttpServlet {
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
int idArticoloDaCancellare = 0;
try {
ArticoliManager am = new ArticoliManager();
String chboxArticoliDaCancellare[] = request.getParameterValues("chbox");
am.cancellaArticolo(chboxArticoliDaCancellare);
request.getRequestDispatcher("gestione_admin.jsp").forward(request, response);
} finally {
out.close();
}
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a short description of the servlet.
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
这是jsp页面的一部分
/* gestione_admin.jsp */
<%
for (int i=0; i<al.size(); i++){
out.println("<table>");
out.println("<tr>");
out.println("<td>");
%>
<form action="CancellaArticolo">
<input type="checkbox" name="chbox" value="<%=+al.get(i).getId()%>"/>
<%
out.println("<b>Autore: </b>"+al.get(i).getAutore()+" <b>Articolo: </b>"+al.get(i).getTitolo()+"</td>");
out.println("</tr>");
out.println("</table>");
%>
</form>
<%
}
%>
<input type="submit" value="Cancella Articoli Selezionati"></input>
</form>
答案 0 :(得分:0)
复选框值必须是项目的ID。像这样:
<input type="checkbox" name="chbox" value="<%=al.get(i).getId()%>"/>
当您打扰调试chboxArticoliDaCancellare值时,您应该已经发现了这一点。就像你拥有它一样,它们都是"chkbox"。
您还需要确保输入元素都在相同 <form>内,作为提交按钮,该按钮应该发送所需的数据。所以,基本上:
<form action="yourServletURL" method="post">
...
<input type="checkbox" ... />
...
<input type="checkbox" ... />
...
<input type="checkbox" ... />
...
<input type="submit" ... />
...
</form>
无关,您没有正确使用PreparedStatement。您仍然有一个SQL注入漏洞,因为您在SQL字符串中连接了用户控制的请求参数值,而不是使用占位符?和PreparedStatement#setXxx()调用。另外,考虑一下JSTL / EL,它会使你的演示代码更清晰。