
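Okay, first off, I'm fairly new to web design. But for one of my projects I have been asked to create a page that populates several drop-down lists based on tables in several databases. I believe I have that part working; here is my code so far (a JSP page):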

CodeSelector.jsp

<%@page import="java.sql.*"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
                <title>Codes Page</title>
        </head>
        <body>
            <form name = "codes" method = "POST" action="....." target="_self">
                <h1>Please select the applicable codes:</h1>
                <select name='code1' onchange="showState(this.value)">  
                <option value="none">Code One: None</option>  
                <%
                    String debug = "ON";

                    if(debug.equals("ON"))
                    {
                        System.out.println("***DEBUGGING IS TURNED ON!!!***");
                    }

                    //Pulls the ids and descriptions from the first codes table and stores them in the first drop down
                    try
                    {
                        String caseId = request.getParameter("caseID");
                        //caseId = "30";

                        if (caseId == null)
                        {
                            //debug
                            System.out.println("The caseID is NULL!");

                            Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();  
                            Connection con = DriverManager.getConnection("jdbc:oracle:thin:@url:sid","username","password");  
                            Statement stmt = con.createStatement();  
                            ResultSet rs = stmt.executeQuery("select id, descr from case_codes");
                            String tempString;

                            while(rs.next())
                            {
                                //If the code description is more than 125 characters long, truncate the string and append "..." to the end of it.
                                if (rs.getString(2).length() > 125)
                                {
                                    tempString = rs.getString(2).substring(0, 125);
                                    %>
                                        <option value="<%=rs.getString(1)%>"><%=rs.getString(1)%> <%=tempString%>...</option>  
                                    <%
                                }
                                //Else just insert the whole description into the option field.
                                else
                                {
                                    %>
                                        <option value="<%=rs.getString(1)%>"><%=rs.getString(1)%> <%=rs.getString(2)%></option>  
                                    <%
                                }

                            }

                            //Closes the database connection
                            stmt.close();
                            con.close();
                        }
                        else if (caseId != null)
                        {
                            if(debug.equals("ON"))
                            {
                                System.out.println("The caseID is NOT NULL!");
                            }

                            Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();  
                            Connection con = DriverManager.getConnection("jdbc:oracle:thin:@url:sid","username","password");  
                            Statement stmt = con.createStatement();

                            //Returns a list of all the tables and views in the database
                            if(debug.equals("ON"))
                            {
                                DatabaseMetaData meta = con.getMetaData();
                                ResultSet res = meta.getTables(null, null, null, new String[] {"TABLE"});

                                while (res.next()) 
                                {
                                    System.out.println(
                                        "   "+res.getString("TABLE_CAT") 
                                       + ", "+res.getString("TABLE_SCHEM")
                                       + ", "+res.getString("TABLE_NAME")
                                       + ", "+res.getString("TABLE_TYPE")
                                       + ", "+res.getString("REMARKS")); 
                                 }
                            }

                            if(debug.equals("ON"))
                            {
                                System.out.println("BEFORE SQL Statement: select id from cases");
                            }

                            //Returns a result set of all the ids in the cases table
                            ResultSet rs = stmt.executeQuery("select id from cases");

                            if(debug.equals("ON"))
                            {
                                System.out.println("AFTER SQL Statement: select id from cases");
                            }

                            while(rs.next())
                            {
                                if(debug.equals("ON"))
                                {
                                    System.out.println("The rs is: " + rs.getString(1));
                                }

                                if(rs.getString(1).equals(caseId))
                                {
                                    if(debug.equals("ON"))
                                    {
                                        System.out.println("Case ID Found!");
                                    }

                                    ResultSet rs2 = stmt.executeQuery("select rlawcd_id, display_seq from cs_rlawcd where cs_id = " + caseId);

                                    while(rs2.next())
                                    {
                                        if(debug.equals("ON"))
                                        {
                                            System.out.println("Inside rs2 while loop");

                                        }

                                        //If no values are returned in the rlawcd table, populate the drop down as you normally would
                                        if (rs2 == null)
                                        {
                                            if(debug.equals("ON"))
                                            {
                                                System.out.println("Inside rs2 IF");
                                                System.out.println("rs2 = null");
                                            }

                                            ResultSet rs3 = stmt.executeQuery("select id, descr from case_codes");
                                            String tempString;

                                            while(rs3.next())
                                            {
                                                //If the code description is more than 125 characters long, truncate the string and append "..." to the end of it.
                                                if (rs3.getString(2).length() > 125)
                                                {
                                                    tempString = rs3.getString(2).substring(0, 125);
                                                    %>
                                                        <option value="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=tempString%>...</option>  
                                                    <%
                                                }
                                                //Else just insert the whole description into the option field.
                                                else
                                                {
                                                    %>
                                                        <option value="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=rs3.getString(2)%></option>  
                                                    <%
                                                }

                                            }
                                        }
                                        //Else if the values are indeed returned and the display sequence equals 1
                                        //populate the drop downs normally but with the returned values set as the selected/default items
                                        else if(rs2.getString(2).equals("1"))
                                        {
                                            if(debug.equals("ON"))
                                            {
                                                System.out.println("Inside rs2 ELSE IF");
                                                System.out.println("The rs2 is NOT NULL!");
                                            }

                                            String codeID = rs2.getString(1);

                                            ResultSet rs3 = stmt.executeQuery("select id, descr from case_codes");
                                            String tempString;

                                            while(rs3.next())
                                            {
                                                if(debug.equals("ON"))
                                                {
                                                    System.out.println("Inside rs3 while loop");
                                                }

                                                if (rs3.getString(1).equals(codeID))
                                                {
                                                    if(debug.equals("ON"))
                                                    {
                                                        System.out.println("Inside rs3 IF");
                                                        System.out.println("A matching law code was found!");
                                                    }

                                                    //If the code description is more than 125 characters long, truncate the string and append "..." to the end of it.
                                                    if (rs3.getString(2).length() > 125)
                                                    {
                                                        tempString = rs3.getString(2).substring(0, 125);
                                                        %>
                                                            <option selected="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=tempString%>...</option>  
                                                        <%
                                                    }
                                                    //Else just insert the whole description into the default/selected option field.
                                                    else
                                                    {
                                                        %>
                                                            <option selected="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=rs3.getString(2)%></option>  
                                                        <%
                                                    }       
                                                }
                                                else
                                                {
                                                    //If the code description is more than 125 characters long, truncate the string and append "..." to the end of it.
                                                    if (rs3.getString(2).length() > 125)
                                                    {
                                                        tempString = rs3.getString(2).substring(0, 125);
                                                        %>
                                                            <option value="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=tempString%>...</option>  
                                                        <%
                                                    }
                                                    //Else just insert the whole description into the option field.
                                                    else
                                                    {
                                                        %>
                                                            <option value="<%=rs3.getString(1)%>"><%=rs3.getString(1)%> <%=rs3.getString(2)%></option>  
                                                        <%
                                                    }       
                                                }
                                            }
                                        }
                                        else
                                        {
                                            if(debug.equals("ON"))
                                            {
                                                System.out.println("Inside the rs2 ELSE");
                                                System.out.println("Something must have gone wrong.");
                                            }
                                        }
                                    }
                                }
                                else
                                {
                                    //do nothing...
                                }
                            }
                            //Closes the database connection
                            stmt.close();
                            con.close();
                        }
                        else
                        {
                            //debug
                            System.out.println("Something weird happened.");
                        }

                    }
                    catch (ClassNotFoundException e)
                    {
                        System.err.println("ClassNotFoundException: " + e.getMessage());
                    } 
                    catch (SQLException e)
                    {
                        System.err.println("SQLException: " + e.getMessage());
                    }
                    catch (Exception e)
                    {
                        System.err.println("Generic Exception: " + e.getMessage());
                    }       
                %>
                </select>
                <br>
                <br>
                <input type="submit" value="Submit">
              </form>
          </body> 
      </html>

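However, now I need to add the ability to update the database, using update and insert statements, based on what the user selects in the drop-down boxes above. Again, being fairly new to this, I'm not sure what the best way to do that is. A lot of what I found on Google suggests that this functionality mostly involves this part of the code: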

<form name = "codes" method = "POST" action="...." target="_self">

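It seems that many online examples suggest using a separate PHP page? But I don't really understand how the two link to each other, and how the content of one page is transferred between the other page and the database you want to update. Can anyone with experience in this offer some advice, or point me in the right direction on what I might want to do next, so that I can write to the database when the submit button is clicked?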


1 Answer


Well, the first thing is an HTTP POST. You submit the form to a specific page. You will get the selected item in the request parameters.

So you create a <form ... >...</form> with an action that leads to your JSP. You will then get the parameters after the form is submitted.

The action should be action="./CodeSelector.jsp"

Now some criticism of your code:

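  1. It is too long. I suggest splitting the behaviour into some kind of form.jsp and another store.jsp. You should split your code up so that you get a better overview of it.
  2. NEVER, under NO CIRCUMSTANCES, take request parameters and append them to a query. This will lead to serious security risks. Just don't start with this. Always use a PreparedStatement and set the parameters. This will result in queries that are safe with respect to SQL injection.
  3. Consider using a more modern framework for creating Java-backed websites. I have worked with Java Server Faces and GWT. You will have more to learn, but less code to understand (I think).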

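A single JSP page will result in write-once, untestable code that is never understood. With a modern framework, or with JSP and CDI, you can split your code into GUI (JSP) and logic (Java).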

Answered 2012-10-29T19:12:34.527
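
Points 1 and 2 of the answer in code, as an added example that is not part of the original answer: a helper that a store.jsp could call with the POSTed `caseID` and `code1` values, binding them through `PreparedStatement` instead of concatenating them as the question's `"... where cs_id = " + caseId` query does. The class and method names are hypothetical, and the numeric column types and the three-column insert into `cs_rlawcd` are assumptions drawn from the queries shown in the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Hypothetical helper that a store.jsp (or servlet) calls with the POSTed form values. */
public final class CaseCodeStore {

    private CaseCodeStore() {}

    /** Parses a request parameter as an id; rejects null, empty and non-numeric input. */
    static long parseId(String raw) {
        if (raw == null || !raw.matches("\\d{1,18}")) {
            throw new IllegalArgumentException("not a numeric id");
        }
        return Long.parseLong(raw);
    }

    /**
     * Stores the code chosen in the 'code1' drop-down as display sequence 1 of the case.
     * Assumption: cs_id, rlawcd_id and display_seq are numeric columns of cs_rlawcd.
     * Returns "updated" or "inserted".
     */
    public static String saveFirstCode(Connection con, String caseIdParam, String code1Param)
            throws SQLException {
        long caseId = parseId(caseIdParam);
        long codeId = parseId(code1Param);   // the form's "none" option is rejected here

        // Values travel as bind parameters; the SQL text never contains request data.
        String update = "update cs_rlawcd set rlawcd_id = ? where cs_id = ? and display_seq = 1";
        try (PreparedStatement ps = con.prepareStatement(update)) {
            ps.setLong(1, codeId);
            ps.setLong(2, caseId);
            if (ps.executeUpdate() > 0) {
                return "updated";
            }
        }
        // No existing row for this case: insert one instead.
        String insert = "insert into cs_rlawcd (cs_id, rlawcd_id, display_seq) values (?, ?, 1)";
        try (PreparedStatement ps = con.prepareStatement(insert)) {
            ps.setLong(1, caseId);
            ps.setLong(2, codeId);
            ps.executeUpdate();
            return "inserted";
        }
    }
}
```

From the JSP this would be called as `CaseCodeStore.saveFirstCode(con, request.getParameter("caseID"), request.getParameter("code1"))`, with the `IllegalArgumentException` handled as a rejected request.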