java为什么这个语句rs=st.executeQuery(查询);这不是执行吗?如何从两个表中仅选择一个表dependent input type=radio from mysql?
为什么这个查询是rs=st.executeQuery(query)
;是否未执行以从数据库中选择表
String gender = request.getParameter("gender");
if (gender != null) {
String table = gender.equals("teacher") ? "teacher2" : "student";
String query ="select username,password from " +table+ " where username='"+name+"' AND password='"+abc+"'";
rs=st.executeQuery(query); //Why This statement having error
}
Mysql查询对于这个表enter image description here我认为这个查询是错误的
"select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";
我有两个表,一个是给老师的,一个是给学生的,两个表都有相同数据类型的相同列
如何从mysql数据库中选择表进行登录。我有两个表,一个是学生表,一个是教师表,如果用户选择教师,单选按钮并输入用户名和密码,如果用户用户名和密码等于mysql数据库用户名和密码,他将获得登录权限,如果学生选择学生电台,则获得登录权限,但如果用户名和密码,则输入用户名和密码,密码等于mysql用户名的学生表,他将获得登录密码
为什么不执行此查询来选择表
rs=st.executeQuery(query);
出现错误的图像
enter image description here//错误
索引。jsp
<form method="GET " action="statement.jsp" autocomplete="on">
<input id="username" name="username" required="required" type="text" placeholder="Username"/>
<input id="password" name="password" required="required" type="password" placeholder="Password" />
<input type="radio" name="gender" value="teacher" checked/> Teacher
<input type="radio" name="gender" value="Student"/>Student
<input type="submit" value="Login" />
</form>
语句。jsp
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="com.mysql.jdbc.Statement"%>
<%@page import="com.mysql.jdbc.Connection"%>
<%@page import=" java.sql.SQLException" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@include file="db conn.jsp" %>
<%
String name=request.getParameter("username");
String abc=request.getParameter("password");
String gender = request.getParameter("gender");
if (gender != null) {
String table = gender.equals("teacher") ? "teacher2" : "student";
String query ="select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";
rs=st.executeQuery(query); //Why This statement having error
}
if(rs.next())
{
response.sendRedirect("main.jsp");
}
else
{
response.sendRedirect("index.jsp");
}
%>
db conn.jsp//用于数据库连接
<%@page import="com.mysql.jdbc.Connection"%>
<%@page import="com.mysql.jdbc.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.DriverManager"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Hello World!</h1>
<%@ page import ="java.sql.*" %>
<%
Connection c1 = null;
Statement st = null;
ResultSet rs = null;
Class.forName("com.mysql.jdbc.Driver");
c1 = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/teacher","root", "abcde");
{
System.out.println("Couldn't find the driver!");
System.out.println("Couldn't connect: print out a stack trace and exit.");
System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
st = (Statement) c1.createStatement();
System.out.println("Statement Created Successfully");
{
System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
}
if (c1!= null) {
System. out.println("Hooray! We connected to the database!");
} else {
System.out.println("We should never get here.");
}}
%>
错误
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Exception in JSP: /statement.jsp:29
26: String table = gender.equals("teacher") ? "teacher2" : "student";
27: // replace dots with your values
28: String query ="select * from " +table+ "where username='"+name+"' AND password='"+abc+"'";
29: st.executeQuery(query);
30:
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
# 1 楼答案
字符串中缺少空格:
在第一个字符串中添加空格,您将得到正确的查询。然后再试一次
而且,您不应该对SQL使用字符串连接,因为它容易受到SQL注入攻击。而是使用查询参数
有关如何执行此操作的更多信息,请阅读此处:
http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement
# 2 楼答案
"select * from ' " +table+ " ' where username like '"+name+ "'" AND password like '"+abc+"
U应调用以下格式列的值