Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java为什么这个语句rs=st.executeQuery(查询);这不是执行吗?如何从两个表中仅选择一个表dependent input type=radio from mysql?

1 月,1 周 Questions & Answers

为什么这个查询是rs=st.executeQuery(query);是否未执行以从数据库中选择表

  String gender = request.getParameter("gender");
  if (gender != null) {
  String table = gender.equals("teacher") ? "teacher2" : "student";

  String query ="select username,password from " +table+ " where username='"+name+"' AND password='"+abc+"'";

  rs=st.executeQuery(query);  //Why This statement having error
  }

Mysql查询对于这个表enter image description here我认为这个查询是错误的

 "select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";

我有两个表,一个是给老师的,一个是给学生的,两个表都有相同数据类型的相同列

如何从mysql数据库中选择表进行登录。我有两个表,一个是学生表,一个是教师表,如果用户选择教师,单选按钮并输入用户名和密码,如果用户用户名和密码等于mysql数据库用户名和密码,他将获得登录权限,如果学生选择学生电台,则获得登录权限,但如果用户名和密码,则输入用户名和密码,密码等于mysql用户名的学生表,他将获得登录密码

为什么不执行此查询来选择表

rs=st.executeQuery(query);

出现错误的图像

enter image description here//错误

索引。jsp

 <form  method="GET " action="statement.jsp" autocomplete="on"> 

 <input id="username" name="username" required="required" type="text" placeholder="Username"/>
 <input id="password" name="password" required="required" type="password" placeholder="Password" /> 

 <input type="radio" name="gender" value="teacher" checked/> Teacher
 <input type="radio" name="gender" value="Student"/>Student

 <input type="submit" value="Login" /> 
 </form>

语句。jsp

 <%@page import="java.sql.DriverManager"%>
 <%@page import="java.sql.ResultSet"%>
 <%@page import="com.mysql.jdbc.Statement"%>
 <%@page import="com.mysql.jdbc.Connection"%>
 <%@page  import=" java.sql.SQLException" %>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>

 <%@include file="db conn.jsp" %>
 <% 
 String name=request.getParameter("username");
 String abc=request.getParameter("password");       

 String gender = request.getParameter("gender");

 if (gender != null) {
 String table = gender.equals("teacher") ? "teacher2" : "student";

 String query ="select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";

   rs=st.executeQuery(query);  //Why This statement having error
  }
    if(rs.next()) 
   {
    response.sendRedirect("main.jsp");
   }
   else
   {
    response.sendRedirect("index.jsp");
    }
  %>

db conn.jsp//用于数据库连接

  <%@page import="com.mysql.jdbc.Connection"%>
  <%@page import="com.mysql.jdbc.Statement"%>
  <%@page import="java.sql.ResultSet"%>
  <%@page import="java.sql.DriverManager"%>
  <%@page contentType="text/html" pageEncoding="UTF-8"%>
  <!DOCTYPE html>
  <html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
  </head>
  <body>
  <h1>Hello World!</h1>

  <%@ page import ="java.sql.*" %>
  <%
    Connection c1 = null;
    Statement st = null;
    ResultSet rs = null;

    Class.forName("com.mysql.jdbc.Driver");
    c1 = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/teacher","root", "abcde");
    {
    System.out.println("Couldn't find the driver!");
    System.out.println("Couldn't connect: print out a stack trace and exit.");
    System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");

    st = (Statement) c1.createStatement();
    System.out.println("Statement Created Successfully");
    {
    System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
     }
    if (c1!= null) {
    System. out.println("Hooray! We connected to the database!");
     } else {
    System.out.println("We should never get here.");
    }}
  %>

错误

 HTTP Status 500 -
 type Exception report
 message
 description The server encountered an internal error () that prevented it from fulfilling this request.
 exception

 org.apache.jasper.JasperException: Exception in JSP: /statement.jsp:29

 26:    String table = gender.equals("teacher") ? "teacher2" : "student";
 27:    // replace dots with your values
 28:     String query ="select * from " +table+ "where username='"+name+"' AND password='"+abc+"'";
 29:     st.executeQuery(query); 
 30:

Stacktrace:

org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) javax.servlet.http.HttpServlet.service(HttpServlet.java:729)


共 (2) 个答案

  1. # 1 楼答案

    字符串中缺少空格:

    "select * from " +table+ " where username like '"+name+ "'" AND password like '"+abc+" '

    在第一个字符串中添加空格,您将得到正确的查询。然后再试一次

    而且,您不应该对SQL使用字符串连接,因为它容易受到SQL注入攻击。而是使用查询参数

    有关如何执行此操作的更多信息,请阅读此处:
    http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement

  2. # 2 楼答案

    "select * from ' " +table+ " ' where username like '"+name+ "'" AND password like '"+abc+"

    U应调用以下格式列的值

     ' " + variablename + " '