0

我正在尝试使用 java servlet 构建注册系统。并将数据插入到 mySQL 数据库中。但我得到一个语法错误。我刚刚读完 Wiley mySQL 和 Java 开发人员指南。

而且我对 servlet 编程有点陌生,所以如果有简单的方法可以做我所做的事情,请告诉我。

 package com.app.base;

 import java.io.IOException;
 import java.io.PrintWriter;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.ResultSet;
 import java.sql.Statement;

 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import com.app.pojo.*;

 public class RegisterServlet extends HttpServlet{

MySqlDB mysql;

@Override
public void init() throws ServletException {
    // TODO Auto-generated method stub
    mysql = new MySqlDB();

}

@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {

    PrintWriter out = null;
    //Connection connection = null;
    //Statement statement;
    //ResultSet rs;

    resp.setContentType("text/html");
    out = resp.getWriter();


    try{
        mysql.createConnection();
    }catch(Error e){
        out.write("Couldn't connect to mysql");
    }
    String fname = req.getParameter("fname");
    String lname = req.getParameter("lname");
    String email = req.getParameter("email");
    String password = req.getParameter("password");
    String city = req.getParameter("city");
    String country = req.getParameter("country");

    if(fname == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else if(lname == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else if(email == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else if(password == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else if(city == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else if(country == null){
        String destination = "signup.jsp?error=Complete All Fields";
        RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
        rd.forward(req, resp);
    }else{

        String sql = "INSERT INTO main.users(first_name, last_name, email, password, city, country, registered_time) VALUES("
                + fname +", "+ lname + ", "+ email +", " + password +", " + city +"," + country + ",Now());";
        int answer = mysql.insertSQL(sql);
        if(answer == 1){
            resp.sendRedirect( "index.jsp?registered=true");
            //String destination = "index.jsp?registered=true";
            //RequestDispatcher rd = getServletContext().getRequestDispatcher(destination);
            //rd.forward(req, resp);
        }
    }


}

 }

这是要连接的 MySql 类。

package com.app.pojo;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class MySqlDB{

private static String username = "root", password = "root";

public Connection createConnection(){
    Connection connection = null;
    try{
        //Load the JDBC driver
        Class.forName("com.mysql.jdbc.Driver");

        connection = DriverManager.getConnection("jdbc:mysql://localhost:3306,/main", username, password);
        //Create a connection to the database


    }catch(SQLException ex){
        System.out.println(ex);
    }catch(ClassNotFoundException e){
        System.out.println(e);
    }

    return connection;
}

public void runSqlStatement(String sql){
    try{
        Statement statement = createConnection().createStatement();
        //statement executeQuery(Query)
        boolean rs = statement.execute(sql);
    }catch(SQLException ex){
        System.out.println(ex);
    }
}

public ResultSet executeSQL(String sql){

    Statement statement = null;
    ResultSet rs = null;

    try{
        statement = createConnection().createStatement();
        rs = statement.executeQuery(sql);

        /*while(rs.next()){
            System.out.println(rs.getString(1));
        }*/


  //            rs.close();
  //            statement.close();
    }catch (SQLException e) {
        System.out.println(e);
    }

    return rs;
}

public int insertSQL(String sql){

    int rs;

    try{
        Statement statement = createConnection().createStatement();
        rs = statement.executeUpdate(sql);
        return rs;

    }catch(SQLException ex){
        System.out.println(ex);
        return 0;
    }


}
}

这是tomcat控制台

INFO: Reloading Context with name [/Map] has started
Apr 21, 2012 12:59:14 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc
SEVERE: The web application [/Map] registered the JDBC driver [com.mysql.jdbc.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
Apr 21, 2012 12:59:17 AM org.apache.catalina.core.StandardContext reload
INFO: Reloading Context with name [/Map] is completed

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '********,Colombo,Sri Lanka,Now())' at line 1
4

5 回答 5

6

您需要转义/引用您的VALUES部分中的字符串。您的 JDBC 驱动程序将为您执行此操作,例如使用PreparedStatement.

请注意,如果您将代码保持原样,或者只是添加引号,您将面临SQL 注入攻击的真正危险。

于 2012-04-20T19:53:25.753 回答
2

试试这个...

Connection con = mysql.createConnection();
String sql = "INSERT INTO main.users(first_name, last_name, email, password, city,
country, registered_time) VALUES(?, ?, ?, ?, ?, ?, ?);";
PreparedStatement insertStatement = con.prepareStatement(sql);
insertStatement.setString(1, first_name);
insertStatement.setString(2, last_name);
insertStatement.setString(3, email);
insertStatement.setString(4, password);
insertStatement.setString(5, city);
insertStatement.setString(6, country);
insertStatement.setString(7, new Date());
insertStatement.execute();

问候。

于 2012-11-07T13:20:27.910 回答
0

尝试在变量周围加上单引号。

前任:

VALUES('" + myString + "', '" + myOtherString + "')

于 2012-04-20T19:53:31.000 回答
0 
 String sql = "INSERT INTO main.users(first_name, last_name, email, password, city, country, registered_time) VALUES('"
                + fname +"', '"+ lname + "', '"+ email +"', '" + password +"',' " + city +"','" + country + "',Now())";
于 2012-04-20T19:55:14.997 回答
-1 
Colombo,Sri Lanka,Now())' at line 1

看起来你的字符串周围缺少单引号。

于 2012-04-20T19:53:38.507 回答