使用 Java Servlet/jsp 将产品添加到数据库
[英]Add a product to a Database using Java Servlet/jsp
问题描述
Could you help me to solve this?
你能帮我解决这个问题吗? I cant find what is happening.我找不到正在发生的事情。 I'm doing a web application using Java Servlets and JSP.我正在使用 Java Servlets 和 Z2D7FCA4F5778E4B294B606914719 执行 web 应用程序。
It show's this in the URL when I try to add a product: http://localhost:8080/ProductMaintenanceMdy/add?action=add&code=8768&description=mylove&price=15.55&Add+product=Submit当我尝试添加产品时,它在 URL 中显示: http://localhost:8080/ProductMaintenanceMdy/add?action=add&code=8768&description=mylove&price=15.55&Add+product=
Since it shows the data entered in the URL, that means the form in the addProduct.jsp is working, but it doesn't save the product in the database.由于它显示了 URL 中输入的数据,这意味着 addProduct.jsp 中的表单正在工作,但它不会将产品保存在数据库中。
Could you check if my servlet code, mapping code and query function to add are right?你能检查我添加的servlet代码、映射代码和查询function是否正确? Don't be rude, I'm a beginner.别客气,我是初学者。
//Servlet code for add product //添加产品的Servlet代码
else if (action.equals("addProducts")) // this is for action inside display
{
url= "/addProducts.jsp";
}
else if (action.equals("add")) //this is for add inside sddProducts
{
String code= request.getParameter("code");
String description= request.getParameter("description");
Double price=Double.parseDouble(request.getParameter("price"));
Product p= new Product();
p.setCode(code);
p.setDescription(description);
p.setPrice(price);
ProductDB.insertProduct(p); //implemented it inside productDB.java
url="/addProducts.jsp";
}
// Web xml mapping section for add // Web xml 映射部分用于添加
<servlet-mapping>
<servlet-name>ProdMaintAppServlet</servlet-name>
<url-pattern>/add</url-pattern>
</servlet-mapping>
// method inside the ProductDB (class for the database queries functions) // ProductDB 中的方法(用于数据库查询功能的类)
public static void insertProduct(Product p) {
ConnectionPool pool = ConnectionPool.getInstance();
Connection connection = pool.getConnection();
PreparedStatement ps = null;
ResultSet rs = null;
String query=" INSERT INTO productsMaintenance VALUES( '"+ p.getCode()+"','"+ p.getDescription()+"','"+ p.getPriceCurrencyFormat()+"' ) ";
try {
ps = connection.prepareStatement(query);
rs = ps.executeQuery();
}
catch (SQLException e) {
System.err.println(e);
} finally {
DBUtil.closeResultSet(rs);
DBUtil.closePreparedStatement(ps);
pool.freeConnection(connection);
}
}
1 个解决方案
解决方案1
1 2020-04-15 14:21:37
You can find out the root cause by using a debugger .您可以使用调试器找出根本原因。 Apart from it, given below are some best practices which may also help you get rid of the problem.除此之外,下面给出了一些最佳实践,它们也可以帮助您摆脱问题。
For SQL Data Manipulation Language ( DML ) statement, such as INSERT , UPDATE or DELETE , you should use executeUpdate or execute .对于 SQL 数据操作语言 ( DML ) 语句,例如INSERT 、 UPDATE或DELETE ,您应该使用executeUpdate或execute 。
Also, your implementation of PreparedStatement is not different from Statement ie you are actually not utilizing the power and benefits of PreparedStatement .此外,您的PreparedStatement实现与Statement没有什么不同,即您实际上没有利用PreparedStatement的功能和好处。 It should be like它应该像
String query = "INSERT INTO productsMaintenance (Code, Description, PriceCurrencyFormat) VALUES (?, ?, ?)";
ps = conn.prepareStatement(query);
ps.setString (1, p.getCode());
ps.setString (2, p.getDescription());
ps.setString (3, p.getPriceCurrencyFormat());
// execute the PreparedStatement
ps.execute();
This way you can prevent the attempt of SQL injection as well as you can get rid of inserting ' explicitly before and after each data.这样,您可以防止SQL 注入的尝试,并且您可以摆脱在每个数据之前和之后显式插入' 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.