0

基本上我正在尝试遍历我的数据库并显示里面的所有信息。我理解这个概念,但我的实现显然是错误的,因为 Tomcat 不断给我以下错误:

Root cause:

javax.servlet.ServletException: Operation not allowed after ResultSet closed

任何帮助将非常感激。我知道问题出在我的 while 循环上,但我的知识有限,我无法发现我需要进行的更改。请随时更改代码。

<%@ page import="java.sql.*" %>

<%
String connectionURL = "jdbc:mysql://addr.to.db:3306/dbname";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;
%>

<html>

<head>
<title>JSP Server Response</title>
</head>

<body>
<h1>JSP Server Response:</h1>

<!--Get information from HTML form for manipulation-->

<%
    String songName = request.getParameter("newSongName");
String artistName = request.getParameter("newArtistName");
String password = request.getParameter("pass");
String radioResults = request.getParameter("dbIO");
%>

<%

Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "userName", "password");
statement = connection.createStatement();
String query = "SELECT * FROM song_info;";
rs = statement.executeQuery(query);

//Add or Delete Information from DB

if(radioResults.equalsIgnoreCase("insert"))
{
    statement.executeUpdate("INSERT INTO song_info (songTitle, artistName) VALUES                     ('"+artistName+"','"+songName+"')");
}
else if(radioResults.equalsIgnoreCase("delete"))
{
statement.executeUpdate("DELETE FROM song_info WHERE artistName='"+songName+"'");
}
%>

<table>
<tr>
<th>Song Name</th><th>Artist Name</th>
</tr>

<% while(rs.next()){ %>
<tr>
<td align=center> <%= rs.getString("songTitle")%></td>
<td align=center> <%= rs.getString("artistName")%></td>
</tr>
<%}%>
</table>

<%
rs.close();
statement.close();
connection.close();
%>

Information Submitted to Server:

Artist Name: <%=songName%> <br />
Song Name: <%=artistName%> <br />
Password: <%=password%><br />
Radio Button Selection: <%=radioResults%><br /><br />

Password Correct: 

</body>

</html>
4

2 回答 2

0

设法提出了一个临时解决方案,将数据库的所有行连接成一个长字符串,然后将字符串显示给浏览器:

<%

Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "userName", "dbPass");
statement = connection.createStatement();
String query = "SELECT songTitle, artistName FROM song_info";
rs = statement.executeQuery(query);

String db_contentsORIGINAL = "";

while (rs.next()) {
    String artName = rs.getString("artistName");
    String sName = rs.getString("songTitle");

    String db_entry = "<b>Artist:</b> " + artName + " | " + "<b>Song Title:         </b>" + sName + "<br />";

        db_contentsORIGINAL += db_entry;
}

//Add or Delete Information from DB

if(radioResults.equalsIgnoreCase("insert"))
{
statement.executeUpdate("INSERT INTO song_info (songTitle, artistName) VALUES         ('"+artistName+"','"+songName+"')");
}
else if(radioResults.equalsIgnoreCase("delete"))
{
statement.executeUpdate("DELETE FROM song_info WHERE artistName='"+songName+"'");
}

%>
于 2012-11-15T00:45:52.877 回答
0

问题是您使用同一个Statement对象来执行多个查询。如果您重新使用Statement,那么任何ResultSet来自先前执行的资源都将被关闭。

解决方案是重新排序查询(就像您在自己的答案中所做的那样),或者Statement为查询和更新使用单独的对象。

此外,您当前的代码也会让您接触到 SQL 注入。请PreparedStatement与参数化查询一起使用。这将保护您免受大多数(如果不是全部)SQL 注入攻击。

于 2012-11-15T09:25:44.907 回答