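I am developing a simple Java web application that accepts data from the user through a form and stores it in a SQL database via a servlet. Now, when I wrote the code everything was fine, but I get errors on the lines where I wrote -

    str="insert into ..."
    ps= con.createStatement(str); <-- Error here
    ps.executeUpdate(); <--error here

It says - unreported SQL exception must be caught or thrown.

So I surrounded the statements with a try and catch block, but now when I run the program I get this - java.sql.SQLException: [Microsoft][ODBC SQL Server Driver][SQL Server]Could not find stored procedure 'str'

I am stuck and cannot find a solution anywhere. I created the database and the table and inserted values through a SQL query. I also created a user DSN named 'mydata' through odbcad32. Please help me!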

    import java.io.IOException;
    import java.io.PrintWriter;
    import java.sql.Connection;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.sql.*;

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();
            String type="",name="",pw="",city="",country="",contact="",sal="";
            type=request.getParameter("ddltype");
            name=request.getParameter("txtname");
            pw=request.getParameter("txtpwd");
            city=request.getParameter("txtcity");
            sal=request.getParameter("txtsal");
            country=request.getParameter("txtcountry");
            contact=request.getParameter("txtcontact");
            try {
                conn();
                String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')";
                ps=con.prepareStatement("str");
                ps.executeUpdate();
                /* TODO output your page here. You may use following sample code. */
                out.println("<!DOCTYPE html>");
                out.println("<html>");
                out.println("<head>");
                out.println("<title>Servlet regsev</title>");
                out.println("</head>");
                out.println("<body> INSERTED SUCCESSFULLY");
                out.println("<h1>Servlet regsev at " + request.getContextPath() + "</h1>");
                out.println("</body>");
                out.println("</html>");
            }
            catch(SQLException e)
            {
                out.print(""+e);
            }
        }

        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        /**
         * Handles the HTTP
         * <code>GET</code> method.
         *
         * @param request servlet request
         * @param response servlet response
         * @throws ServletException if a servlet-specific error occurs
         * @throws IOException if an I/O error occurs
         */
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        /**
         * Handles the HTTP
         * <code>POST</code> method.
         *
         * @param request servlet request
         * @param response servlet response
         * @throws ServletException if a servlet-specific error occurs
         * @throws IOException if an I/O error occurs
         */
        @Override
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        /**
         * Returns a short description of the servlet.
         *
         * @return a String containing servlet description
         */
        @Override
        public String getServletInfo() {
            return "Short description";
        }// </editor-fold>
    }

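Answer 0 (score: 1)

There are a lot of remarks to make here.

    String str="insert into details values('"+type+"','"+name+"','"+pw+"','"+city+"','"+country+"','"+contact+"','"+sal+"')";
    ps=con.prepareStatement("str");
    ps.executeUpdate();

All 3 are incorrect. Prepared statements help to improve performance (in most cases), simplify the code and protect against SQL injection. Your code misses 2 of those 3.

Below is an example of how it should be: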

    String str = "insert into details (type, name, pwd) values (?,?,?)";
    ps = con.prepareStatement(str); // so no "" around str.
    ps.setString(1, type); // Sets the content of the first ?, all safe against SQL Injection
    ps.setString(2, name); // Sets the content of the second ?
    ps.setString(3, pw);   // Sets the content of the third ? (the servlet's variable is named pw)
    ps.execute(); // Execute instead of executeUpdate.

Now the database can also reuse the execution plan of the prepared statement, which saves a few seconds on the second insert.
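
An added example, not part of the question or the answer above: the question's seven-value insert written with bound parameters, next to the statement text that the original concatenation would produce for a name containing a quote. The class and method names are hypothetical, the sample row is constructed, and the JDBC URL is assumed to be supplied by the reader because the page only shows a `conn()` helper.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added example: class and method names are hypothetical, not from the page.
public class DetailsInsert {
    // Same seven-value insert as the question. The SQL text is a constant and never
    // contains user input. Assumes the table's column order matches the question's.
    private static final String INSERT_SQL = "insert into details values(?,?,?,?,?,?,?)";

    // Statement text the question's concatenation produces (for comparison only).
    static String concatenated(String... v) {
        return "insert into details values('" + String.join("','", v) + "')";
    }

    // Binds every value as data and returns the number of rows inserted.
    static int insertDetails(Connection con, String... values) throws SQLException {
        if (values.length != 7) {
            throw new IllegalArgumentException("expected 7 values, got " + values.length);
        }
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            for (int i = 0; i < values.length; i++) {
                ps.setString(i + 1, values[i]); // JDBC parameter indexes start at 1
            }
            return ps.executeUpdate();
        } // the statement is closed here even if the insert fails
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample form input; the name contains a single quote.
        String[] row = {"user", "O'Brien", "secret", "Cork", "Ireland", "555-0100", "1000"};
        // With concatenation the quote in O'Brien ends the string literal early,
        // so the server receives different SQL than the programmer wrote.
        System.out.println(concatenated(row));
        if (args.length == 0) {
            return; // no JDBC URL given: only show the statement text
        }
        // args[0]: a JDBC URL supplied by the reader (assumption, see lead-in).
        try (Connection con = DriverManager.getConnection(args[0])) {
            System.out.println(insertDetails(con, row) + " row(s) inserted");
        }
    }
}
```

Run without arguments it only prints the concatenated statement; with a JDBC URL as the first argument it also performs the parameterized insert, where the quote in the name is stored as data.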