
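I have a basic piece of code, but it doesn't work. I don't know why. I checked the whole code by printing after every line, but it seems executeQuery is giving me a hard time. Expert help needed, please.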

<%@ page import="java.net.*, java.io.*, java.sql.*, java.util.*" %>
<%
String url   = "jdbc:oracle:thin:@127.0.0.1:1521:XE";
Connection   con = null;
Statement    stmt =null;
ResultSet    rs=null;
String uname=request.getParameter("uname");
String passwd=request.getParameter("password");

try
{
    //*** Load the Oracle JDBC driver
    Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();

    //*** Attempt to connect to a driver.
    con = DriverManager.getConnection(url, "admin", "admin");

    //***  Create a Statement object so we can submit
    //***  SQL statements to the driver
    stmt = con.createStatement();

    String  query=("select username,password from users where username="+uname);

    //*** execute query and show result
    rs = stmt.executeQuery(query);

    int numCols = rs.getMetaData().getColumnCount();
    while (rs.next())
    {
        int i=0;
        for (i=1; i<=numCols; i++)
            out.println(rs.getString(i));
    }

    //*** close connection
    stmt.close();
    con.close();
}
catch (Exception e)
{
    e.printStackTrace();
}
%>

1 Answer


Your statement probably raises an error because you did not quote the literal.

Instead of this code:

String  query=("select username,password from users where username="+uname);

Try:

String  query=("select username,password from users where username='"+uname+"'");

Or better, use parameters in the query by using java.sql.PreparedStatement. Just google for java PreparedStatement and you will find plenty of examples.

answered 2013-12-04T09:00:58.913
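
The java.sql.PreparedStatement approach the answer recommends, applied to the query from the question. This is an added example, not code from the question or the answer. `UserLookup` and `findUser` are hypothetical names; the URL, credentials and `users` table are the ones from the question, and an Oracle JDBC driver on the classpath is assumed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class UserLookup {
    // Same SQL as the question, with the value replaced by a bind marker.
    // No quotes around ?: the driver sends the value separately from the SQL text.
    static final String QUERY =
        "select username, password from users where username = ?";

    // Returns each matching row as an array of its column values.
    static List<String[]> findUser(Connection con, String uname) throws SQLException {
        List<String[]> rows = new ArrayList<>();
        // try-with-resources closes the statement and result set even on error.
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            // Bound as data: a quote inside the value (O'Brien) cannot end
            // the literal or change the structure of the query.
            ps.setString(1, uname);
            try (ResultSet rs = ps.executeQuery()) {
                int numCols = rs.getMetaData().getColumnCount();
                while (rs.next()) {
                    String[] row = new String[numCols];
                    for (int i = 1; i <= numCols; i++) {
                        row[i - 1] = rs.getString(i);
                    }
                    rows.add(row);
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        String url = "jdbc:oracle:thin:@127.0.0.1:1521:XE"; // from the question
        String uname = args.length > 0 ? args[0] : "O'Brien"; // constructed sample value
        try (Connection con = DriverManager.getConnection(url, "admin", "admin")) {
            for (String[] row : findUser(con, uname)) {
                System.out.println(String.join(" ", row));
            }
        }
    }
}
```

In the JSP, `uname` would come from `request.getParameter("uname")` as in the question. The quoted-concatenation version fails on a value such as `O'Brien` and lets request input alter the SQL, which the bound parameter avoids.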