为啥这个语句 rs=st.executeQuery(query);是否在执行?如何仅选择一个表,这取决于两个表中来自 mysql 的输入 type=radio?

Posted

技术标签:

【中文标题】为啥这个语句 rs=st.executeQuery(query);是否在执行?如何仅选择一个表,这取决于两个表中来自 mysql 的输入 type=radio?【英文标题】:Why this statement rs=st.executeQuery(query); is not excuting? How can I select only a table depend on input type=radio from mysql from two tables?为什么这个语句 rs=st.executeQuery(query);是不是在执行?如何仅选择一个表,这取决于两个表中来自 mysql 的输入 type=radio? 【发布时间】:2016-12-06 23:43:28 【问题描述】:

为什么这个查询是rs=st.executeQuery(query);没有执行从数据库中选择表?

  String gender = request.getParameter("gender");
  if (gender != null) 
  String table = gender.equals("teacher") ? "teacher2" : "student";

  String query ="select username,password from " +table+ " where username='"+name+"' AND password='"+abc+"'";

  rs=st.executeQuery(query);  //Why This statement having error
  

Mysql 查询这个表enter image description here我认为这个查询是错误的

 "select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";

我有两张表,一张是给老师的,一张是给学生的,它们都有相同的列和相同的数据类型。

如何从 mysql 数据库中选择表来登录。我有两张表,一张给学生,一张给老师,如果用户选择老师,单选按钮并输入用户名和密码,如果用户名和密码等于mysql数据库用户名和密码,他将登录相同的情况是学生如果他选择学生单选但输入用户名和密码如果用户名,密码等于mysql用户名的学生表,密码他将获得登录。

为什么不执行此查询来选择表

rs=st.executeQuery(query);

即将出现错误的图片

enter image description here //错误

index.jsp

 <form  method="GET " action="statement.jsp" autocomplete="on"> 

 <input id="username" name="username" required="required" type="text" placeholder="Username"/>
 <input id="password" name="password" required="required" type="password" placeholder="Password" /> 

 <input type="radio" name="gender" value="teacher" checked/> Teacher
 <input type="radio" name="gender" value="Student"/>Student

 <input type="submit" value="Login" /> 
 </form> 

statement.jsp

 <%@page import="java.sql.DriverManager"%>
 <%@page import="java.sql.ResultSet"%>
 <%@page import="com.mysql.jdbc.Statement"%>
 <%@page import="com.mysql.jdbc.Connection"%>
 <%@page  import=" java.sql.SQLException" %>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>

 <%@include file="db conn.jsp" %>
 <% 
 String name=request.getParameter("username");
 String abc=request.getParameter("password");       

 String gender = request.getParameter("gender");

 if (gender != null) 
 String table = gender.equals("teacher") ? "teacher2" : "student";

 String query ="select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";

   rs=st.executeQuery(query);  //Why This statement having error
  
    if(rs.next()) 
   
    response.sendRedirect("main.jsp");
   
   else
   
    response.sendRedirect("index.jsp");
    
  %>

db conn.jsp // 用于数据库连接

  <%@page import="com.mysql.jdbc.Connection"%>
  <%@page import="com.mysql.jdbc.Statement"%>
  <%@page import="java.sql.ResultSet"%>
  <%@page import="java.sql.DriverManager"%>
  <%@page contentType="text/html" pageEncoding="UTF-8"%>
  <!DOCTYPE html>
  <html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
  </head>
  <body>
  <h1>Hello World!</h1>

  <%@ page import ="java.sql.*" %>
  <%
    Connection c1 = null;
    Statement st = null;
    ResultSet rs = null;

    Class.forName("com.mysql.jdbc.Driver");
    c1 = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/teacher","root", "abcde");
    
    System.out.println("Couldn't find the driver!");
    System.out.println("Couldn't connect: print out a stack trace and exit.");
    System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");

    st = (Statement) c1.createStatement();
    System.out.println("Statement Created Successfully");
    
    System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
     
    if (c1!= null) 
    System. out.println("Hooray! We connected to the database!");
      else 
    System.out.println("We should never get here.");
    
  %>

错误

 HTTP Status 500 -
 type Exception report
 message
 description The server encountered an internal error () that prevented it from fulfilling this request.
 exception

 org.apache.jasper.JasperException: Exception in JSP: /statement.jsp:29

 26:    String table = gender.equals("teacher") ? "teacher2" : "student";
 27:    // replace dots with your values
 28:     String query ="select * from " +table+ "where username='"+name+"' AND password='"+abc+"'";
 29:     st.executeQuery(query); 
 30:     

堆栈跟踪:

org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

【问题讨论】:

@Jens 为什么是这个查询 rs=st.executeQuery(query);未执行从数据库中选择表? 【参考方案1】:

您在字符串中缺少一个空格:

"select * from " +table+ " where username like '"+name+ "'" AND password like '"+abc+" '

在第一个字符串中添加该空格,您将获得正确的查询。然后再试一次。

你也不应该对 SQL 使用字符串连接,因为它容易受到 SQL 注入攻击。而是使用查询参数。

有关如何执行此操作的更多信息,请阅读此处:http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement

【讨论】:

还是有这个rs=st.executeQuery(query);的错误 org.apache.jasper.JasperException: JSP 中的异常: /statement.jsp:29 rs=st.executeQuery(query); 你可以点击第一张图片查看错误。 @RajpootRANA 你是否像我给你的那样更新了字符串? 是的,但我仍然有这个错误rs=st.executeQuery(query); @RajpootRANA 你能复制粘贴问题中的错误而不是图片吗【参考方案2】:

"select * from ' " +table+ " ' where username like '"+name+ "'" AND password like '"+abc+"'

你应该按照格式调用列的值

 ' " + variablename + " '

【讨论】:

以上是关于为啥这个语句 rs=st.executeQuery(query);是否在执行?如何仅选择一个表,这取决于两个表中来自 mysql 的输入 type=radio?的主要内容,如果未能解决你的问题,请参考以下文章

ResultSet的getInt(),getString()方法

ResultSet的getInt()和getString()方法详解

java获得刚刚更新的记录集的id(主键)

select(sql, args)函数用法,请问select()方法是怎么用的,谢谢了

Can not issue data manipulation statements with executeQuery()

hsqldb select查询真的很慢