更新servlet中的sql语句而不是servlet
[英]Update sql statement in servlet not in servlet
问题描述
I am trying to allow the user to change the password if he enters the right username. 
我试图允许用户在输入正确的用户名时更改密码。 The username is drawn from the database and compared to the username the user enter in a form. 用户名从数据库中提取,并与用户在表单中输入的用户名进行比较。 My problem is after the validation is done the UPDATE statement is not producing any result. 我的问题是在验证完成后UPDATE语句没有产生任何结果。 Can someone help me out please? 有人可以帮帮我吗?
String un = request.getParameter("username");
String psw = request.getParameter("password");
String cPsw = request.getParameter("cpassword");
Connection con = ConnectionHelper.getConnection();
try {
ResultSet rs = userList(con);
if (rs.next()) {
String n = rs.getString("username");
if (n.equals(un)) {
out.print("Password match");
String updateQuery = "UPDATE RegisteredUserInfo SET password ='"
+ cPsw + "'WHERE username ='" + un + "'";
PreparedStatement ps1 = con.prepareStatement(updateQuery);
ps1.executeQuery();
ServletContext context = getServletContext();
RequestDispatcher rd = context
.getRequestDispatcher("/Welcome.jsp");
rd.forward(request, response);
}
}
} catch (SQLException sx) {
out.println();
}
}
public ResultSet userList(Connection con) throws SQLException {
PreparedStatement ps;
ResultSet rs;
String matchingUname = "SELECT username FROM RegisteredUserInfo";
ps = con.prepareStatement(matchingUname);
rs = ps.executeQuery();
return rs;`
2 个解决方案
解决方案1
2 已采纳 2014-05-27 20:19:21
Try with ps1.execute(); 尝试使用ps1.execute(); or ps1.executeUpdate() instead of ps1.executeQuery(); 或者ps1.executeUpdate()而不是ps1.executeQuery();
Call con.commit(); 致电con.commit(); to commit the changes and Don't forget to close the resources in the end. 提交更改并且不要忘记最后关闭资源。
Check the return type of below methods to make sure that data is inserted properly. 检查以下方法的返回类型 ,以确保正确插入数据。
ResultSet executeQuery() ResultSet executeQuery()
Executes the SQL query in this PreparedStatement object and returns the ResultSet object generated by the query. 在此PreparedStatement对象中执行SQL查询,并返回查询生成的ResultSet对象。
int executeUpdate() int executeUpdate()
Executes the SQL statement in this PreparedStatement object, which must be an SQL INSERT, UPDATE or DELETE statement; 执行此PreparedStatement对象中的SQL语句,该对象必须是SQL INSERT,UPDATE或DELETE语句; or an SQL statement that returns nothing, such as a DDL statement. 或者不返回任何内容的SQL语句,例如DDL语句。
Ream more about Difference between execute, executeQuery, executeUpdate 更多关于execute,executeQuery,executeUpdate之间的区别
Points to Remember 要记住的要点
- Use PreparedStatement instead of using single quoted query string that may cause issue. 使用PreparedStatement而不是使用可能导致问题的单引号查询字符串。 Find a sample on Using Prepared Statements 查找使用准备语句的示例
- Don't forget to close the resources such as connection, result set and statement. 不要忘记关闭连接,结果集和语句等资源。
- Use finally block to handle it or Read more about Java7 -The try-with-resources Statement 使用finally块来处理它或阅读有关Java7的更多信息- try-with-resources语句
- Don't simply eat the exception in catch block. 不要简单地在catch块中吃掉异常。 Do proper handling of the exception. 正确处理异常。 You can try with
e.printStackTrace()while development.您可以在开发时尝试使用e.printStackTrace()。
解决方案2
1 2014-05-27 20:20:54
You need to call executeUpdate() for SQL UPDATE (or INSERT/DELETE). 您需要为SQL UPDATE(或INSERT / DELETE)调用executeUpdate() )。
String updateQuery = "UPDATE RegisteredUserInfo SET password = ?"
+ " WHERE username = ?";
PreparedStatement ps1 = con.prepareStatement(updateQuery);
ps1.setString(1, cPsw);
ps1.setString(2, un);
ps1.executeUpdate();
Also use the PreparedStatement as above. 也可以使用上面的PreparedStatement。 Look for SQL Injection, also escapes ' . 寻找SQL注入,也逃避' 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.