Adding product to DB via prepared statement from textfield parameters
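I'm working on a project for school - I wanted to try to extend the application, but I'm a bit stuck here.
I'm trying to add a product to an Oracle Thin database from the text fields in a form, using a prepared statement.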

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            Class.forName(DB.driver);
            connection = DriverManager.getConnection(DB.URL, DB.ID, DB.PW);
            String query = "insert into parts values (?, '?', ?, ?, ?)";
            statement = connection.prepareStatement(query);
            statement.setInt(1, Integer.parseInt(request.getParameter("pno")));
            statement.setString(2, request.getParameter("pname"));
            statement.setInt(3, Integer.parseInt(request.getParameter("qoh")));
            statement.setDouble(4, Double.parseDouble(request.getParameter("price")));
            statement.setInt(5, Integer.parseInt(request.getParameter("olevel")));
            // Run the prepared INSERT; a PreparedStatement is executed without an SQL argument.
            statement.executeUpdate();
        } catch (ClassNotFoundException | SQLException ee) {
            System.out.println("Connection failed!");
            System.err.println(ee);
        } finally {
            try {
                statement.close();
            } catch (SQLException ex) {
                Logger.getLogger(addProductServlet.class.getName()).log(Level.SEVERE, null, ex);
            }
            try {
                connection.close();
            } catch (SQLException ex) {
                Logger.getLogger(addProductServlet.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
        RequestDispatcher rd = request.getRequestDispatcher("indexSuccess.jsp");
        rd.forward(request, response);
    }

The product is not added to the database, but if I hard-code the SQL query it works fine. I have checked that all data types are correct.
The form looks like this:

    <form action="addProductServlet">
        <div class="form-group">
            <input type="text" class="form-control margin-bottom-5" placeholder="Product No. (100XX)" name="pno" required>
            <input type="text" class="form-control margin-bottom-5" placeholder="Product Name" name="pname" required>
            <input type="text" class="form-control margin-bottom-5" placeholder="Quantity (XX)" name="qoh" required>
            <input type="text" class="form-control margin-bottom-5" placeholder="Price (XX.XX)" name="price" required>
            <input type="text" class="form-control" placeholder="Order Level" name="olevel" required>
        </div>
        <button class="btn btn-danger nice-bg-color" type="submit">Add product</button>
    </form>

Thanks a lot for your help!
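
Change your query to

    String query = "insert into parts values (?, ?, ?, ?, ?)";

Note that String parameters don't need to be quoted, because PreparedStatement does that for you. Adding quotes results in a bound value of ,''value'', and breaks the final query statement.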
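
Added example, not part of the original question or answer: one way to bind the five form fields with unquoted placeholders, validating them before the statement is built. The class `PartsDao`, the method `insertPart` and the `Map` of form fields are hypothetical names; the column order is assumed to match the insert shown on this page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;

/** Added example (hypothetical class): validates the form fields, then binds them. */
public final class PartsDao {
    // Five bare ? markers. A '?' inside quotes is a one-character string literal,
    // not a bind marker, so the quoted form leaves only four parameters to set.
    private static final String INSERT_PART = "insert into parts values (?, ?, ?, ?, ?)";

    /**
     * Returns the number of rows inserted. Bad input raises IllegalArgumentException
     * (NumberFormatException is a subclass), so the caller needs a single catch.
     */
    public static int insertPart(Connection connection, Map<String, String> form)
            throws SQLException {
        // Parse everything first, so malformed input never reaches the database.
        int pno = Integer.parseInt(text(form, "pno"));
        String pname = text(form, "pname");
        int qoh = Integer.parseInt(text(form, "qoh"));
        double price = Double.parseDouble(text(form, "price"));
        int olevel = Integer.parseInt(text(form, "olevel"));
        if (!Double.isFinite(price)) { // parseDouble also accepts "NaN" and "Infinity"
            throw new IllegalArgumentException("price must be a finite number");
        }

        // try-with-resources closes the statement even when execution fails.
        try (PreparedStatement statement = connection.prepareStatement(INSERT_PART)) {
            statement.setInt(1, pno);
            statement.setString(2, pname); // bound as data: a name like O'Neil needs no escaping
            statement.setInt(3, qoh);
            statement.setDouble(4, price);
            statement.setInt(5, olevel);
            return statement.executeUpdate(); // no-argument form runs the prepared INSERT
        }
    }

    /** Returns the trimmed field value, rejecting missing or blank fields. */
    private static String text(Map<String, String> form, String name) {
        String value = form.get(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException("missing field: " + name);
        }
        return value.trim();
    }
}
```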