0

我是 jsp 新手,我尝试在我的 jsp 页面中打印我的数据库值,下面的程序工作正常,而我直接打印 s1="january" 和 s2="2012" 值,数据类型均为 VARCHAR

String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s1+"' AND readingyear= '"+s2+"'";

如果我尝试打印我的 request.getparameter("t1")( t1 contains january ) value request.getparameter("t2");(t2 contains 2011)

它不会打印任何想法,

String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s11+"' AND readingyear= '"+s22+"'";

           <body>
           <form action="yeardb.jsp">
           <table border="1" >
           <tr>
           <td>Select Year</td>
           <td>
           <select name="t1">
           <option value="2013">2013</option>
           <option value="2012">2012</option>
           <option value="2011">2011</option>
           <option value="2010">2010</option>
           </select>
           </td></tr><tr><td>
          <tr><td>Select Month:</td>
          <td>
          <select name="t2"> 
          <option value="january">JANUARY</option>
          <option value="march">March</option>
          <option value="may">May</option>
           <option value="july">JULY</option>
           <option value="aug">AUGUEST</option>
            <option value="oct">OCTOBER</option>
            <option value="dec">DECEMBER</option>
            </select></td></tr><tr><td>
           <input type= "submit" value="submit" >
          </td></tr>
          </table>
           </form>
          </body>



          yeardb.jsp
       ********
        <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">

       <%@page import="com.mysql.jdbc.Driver"%>
       <%@ page import="java.sql.*" %>
       <%@ page import="java.io.*" %> 

      <html>
      <head>
     <title>display data from the table using jsp</title>
      </head>
       <body>
     <h1>welcome</h1>


     <%
     String s11=request.getParameter("t1");
     String s22=request.getParameter("t2");
     String s1="january";
     String s2="2011";
     out.print("i am String"+s11);
     out.print("i am String"+s22);
      out.print("outside try");
     try {
      out.print("inside try");
      String connectionURL = "jdbc:mysql://localhost:3306/horizontal";

      Connection connection = null;

      Statement statement = null;


      ResultSet rs = null;


      Class.forName("com.mysql.jdbc.Driver").newInstance();

      connection = DriverManager.getConnection(connectionURL, "root", "root");
      statement = connection.createStatement();
      out.print("before query");

    String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s1+"' AND readingyear= '"+s2+"'";


      out.print("after query");

      rs = statement.executeQuery(QueryString);

%>

  <TABLE cellpadding="15" border="1" style="background-color: #ffffcc;">
  <%
   out.print("outside while");
   while (rs.next()) {
    out.print("inside while");
   %>
      <TR>

      <TD><%=rs.getString(1)%></TD>
      <TD><%=rs.getString(2)%></TD>
      <TD><%=rs.getString(3)%></TD>
      <TD><%=rs.getString(4)%></TD>

     </TR>
    <%   }    %>
    <%
// close all the connections.
    rs.close();
    statement.close();
   connection.close();
      }      catch (Exception ex) {
%>
</font>
<font size="+3" color="red"></b>
    <%
            out.println("Unable to connect to database.");
        }
    %>
    </TABLE><TABLE>
      <TR>

        <button type="submit"><-- back</button></TD>
       </TR>
     </TABLE>
    </font>
4

1 回答 1

0

我更深入地查看了您的代码,您正在设置:

String s22=request.getParameter("t2");

t2 包含月份,但您的 s2 变量包含年份。交换那些,你应该没问题。

 String s11=request.getParameter("t1");  <- This is your year
 String s22=request.getParameter("t2");  <- This is your month
 ....
 String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s22+"' AND readingyear= '"+s11+"'";

话虽如此,您应该真正考虑使用参数化查询(这很容易受到 SQL 注入的影响)——看看使用 PreparedStatement 代替: 

String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = ? AND readingyear= ?";
PreparedStatement ps = connection.prepareStatement(QueryString )
ps.setString(1, s22);
ps.setString(2, s11);
rs = ps.executeQuery();

祝你好运。

于 2013-01-27T05:55:17.647 回答