[英]Datatables Standalone Editor in Java Servlet
I use the DataTables Standalone Editor for fields in my web application. 我将DataTables独立编辑器用于我的Web应用程序中的字段。 The creators of this software have PHP classes but not java ones so I whipped up a quick java servlet to accept incoming fields to be edited.
这个软件的创建者有PHP类,但没有java类,所以我创建了一个快速的java servlet来接受要编辑的传入字段。 The javascript is as follows: (as you can see there are different fields for one url)
javascript如下:(如您所见,一个网址有不同的字段)
editor = new $.fn.dataTable.Editor( {
ajax: "/json/fields/server",
fields: [ {
label: "Status:",
name: "status",
type: 'radio',
options: [
{ label: 'Enabled', value: 'Enabled' },
{ label: 'Disabled', value: 'Disabled' }
]
}, {
label: "Server IP address:",
name: "server-ip"
}, {
label: "Polling period:",
name: "poll-period"
}, {
name: "protocol", // `label` since `data-editor-label` is defined for this field
type: "select",
options: [
{ label: 'TCP', value: 'TCP' },
{ label: 'UDP', value: 'UDP' }
]
}
]
} );
I use something like this in my java servlet: 我在java servlet中使用这样的东西:
String serverid = request.getParameter("serverid");
String[] status = {"status", request.getParameter("data[keyless][status]")};
String[] server-ip = {"server-ip", request.getParameter("data[keyless][server-ip]")};
String[] protocol = {"protocol", request.getParameter("data[keyless][protocol]")};
String[][] fields = {status, server-ip, protocol};
Connection conn = null;
PreparedStatement pst = null;
String write = null;
try {
conn = ConnectionManager.getConnection();
for(String[] field : fields){
if(field[1] != null){
write = "{\"data\":[{\"" + field[0] + "\":\"" + field[1] + "\"}]}";
pst = conn.prepareStatement("UPDATE server SET " + field[0] + " = ? WHERE id = ?");
pst.setString(1, field[1]);
pst.setString(2, serverid);
pst.execute();
pst.close();
break;
}
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} finally {
DBUtil.close(conn);
DBUtil.close(pst);
}
response.setContentType("application/json");
PrintWriter writer = response.getWriter();
if(write != null)
writer.write(write);
writer.close();
I use the string array with the field name first to protect against sql injection attacks but I cant use parameters because the field name is dynamic. 我首先使用带有字段名称的字符串数组来防止sql注入攻击但我不能使用参数,因为字段名称是动态的。
My question is, is there a better way to accomplish this? 我的问题是,有没有更好的方法来实现这一目标?
Yes. 是。 No need to reinvent the wheel.
无需重新发明轮子。 You can probably save yourself a lot of time by simply visiting http://jed-datatables.net .
您可以通过访问http://jed-datatables.net节省大量时间。 It has all the examples you'd would need to work with datatables.
它包含了处理数据表所需的所有示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.