1
我想在Java
上使用Ajax
制作一个简单的web应用程序。我有一个表的本地数据库 - 两列:ID
和Surname
。 。不工作的servlet从数据库中提取值
我的应用程序应该显示用户正确surname
(例如,他在现场id = 1
和servlet应该从数据库返回的姓氏写
这是我的servlet:
package db.connection;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
/**
* Servlet implementation class ConnectionServlet
*/
@WebServlet("/ConnectionServlet")
public class ConnectionServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
String key = req.getParameter("key");
if (key != null) {
String surname = "";
ResultSet result = null;
Connection con = null;
try{
con = DatabaseConnector.getConnection();
Statement select = con.createStatement();
result = select
.executeQuery("SELECT surname from person where ID = '"
+ key + "';");
//surname=result.getString(0);
while (result.next()) {
surname = result.getString("surname");
// System.out.println(surname);
}
res.setContentType("text/xml");
res.setHeader("Cache-Control", "no-cache");
// write out the response string
res.getWriter().write(surname);
}
catch (SQLException e)
{
{
System.out.println(e.getMessage());
} }
finally
{
if (con != null)
{
try
{
con.close();
} catch (SQLException e) {
}
}
}
}
}
}
Ajax.js
var req;
function getSurDB(){
var key = document.getElementById("key");
var keypressed = document.getElementById("keypressed");
keypressed.value = key.value;
var url = "/DBcon/Ajax?key="+ escape(key.value);
if (window.XMLHttpRequest){
req = new XMLHttpRequest();
}
else if (window.ActiveXObject){
req = new ActiveXObject("Microsoft.XMLHTTP");
}
req.open("Get",url,true);
req.onreadystatechange = callback;
req.send(null);
}
function callback(){
if (req.readyState==4){
if (req.status == 200){
var surname = document.getElementById('surname');
surname.value = req.responseText;
}
}
clear();
}
function clear(){
var key = document.getElementById("key");
key.value="";
}
function focusIn(){
document.getElementById("key").focus();
}
你的意图不错,但是你面临什么问题? –
考虑使用预处理语句,以便处理SQL注入。而不是executeQuery(“SELECT姓氏来自ID ='”+ key +“';”的人)更多信息:https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java – Mike
用户在网站上编写身份证时看不到任何东西。 它是我的第一个作业。我知道SQL注入,但首先我想看到这个应用程序的工作,接下来我会考虑安全。 – KrisPL