1. 首页
  2. 问答
  3. 的Java MYSQL使用复选框选择

的Java MYSQL使用复选框选择

2012-12-13 64 views
1

可能重复:
PreparedStatement IN clause alternatives?的Java MYSQL使用复选框选择

我想基于复选框选择从MySQL选择。 (复选框具有的ID,并从数据库中选择应该选择其中ID = - >被选择的ID?)

我用MVC架构组织它:

  • 在JSP

    是我的形式(这是动态的,因此可以有更多)

    <input type="checkbox" name="checkboxes" value="1">XY 
    <input type="checkbox" name="checkboxes" value="2">XY 
    <input type="checkbox" name="checkboxes" value="3">XY

  • 中的servlet我得到的值

    String[] catids = request.getParameterValues("checkboxes"); 

    //Forward to bean -> doesnt work because catids is like an array 
    FrageBean f=FragenBean.getRandomQuestionByCategory(catids);

  • 我bean是:

    public static FrageBean getRandomQuestionByCategory(String catids) { 
ArrayList<Integer> alleFragenIds = new ArrayList<Integer>(); 

DatabaseMetaData dbmd; 
Statement sql; 
Connection db = null; 


try { 
    Class.forName("com.mysql.jdbc.Driver"); 
} catch (ClassNotFoundException ex) { 
    System.out.println("driver not found"); 
} 
try { 
    db = DriverManager 
      .getConnection("jdbc:mysql://localhost:3306/xyz?" 
      + "user=root&password=xyz"); 
    dbmd = db.getMetaData(); 

    System.out.println("Connected with: " + dbmd.getUserName() + " | " 
      + "Connection to: " + dbmd.getDatabaseProductName() + " " + dbmd.getDatabaseProductVersion() + " successful.\n"); 
    sql = db.createStatement(); 
} catch (SQLException ex) { 
    System.out.println("Error: " + ex); 
} 

try { 

    String query = "select id from quest where quest_id=?"; 
    PreparedStatement prest = db.prepareStatement(query); 

    prest.setString(1, catids); 


    ResultSet rs = prest.executeQuery(); 
    ArrayList fragenliste = new ArrayList(); 
    while (rs.next()) { 
     int fragenid = rs.getInt("id"); 
     alleFragenIds.add(fragenid); 

    } 

    rs.close(); 
    db.close(); 


} catch (SQLException ex) { 
    System.out.println("Error: " + ex); 
} 

Random r = new Random(); 
int frageIndex = r.nextInt(alleFragenIds.size()); 
System.out.println("Contents of al: " + alleFragenIds); 
return new FrageBean(alleFragenIds.get(frageIndex)); 

}

在它的工作只有一个ID的时刻(因为我只有一个选择)。我怎样才能做到这一点复选框?如何将“catids”转发给bean并创建mysql-query动态? (从fragen where kategorie_id = [ALL CHECKED BOXES]选择ID)

在此先感谢!

来源

2012-12-13 pythoniosIV

+1

这就是你需要的东西http://stackoverflow.com/questions/178479/preparedstatement-in-clause-alternatives –

回答

1

@ RaisAlam的答案是危险的,因为它很容易受到SQL注入。这里有一个固定的版本:

public void displayRecords(String[] catids) { 
    try { 
     String queryStart = "select id from quest where quest_id in ("; 
     String queryMiddle = ""; 
     String prefix = ""; 
     String queryEnd = ")"; 
     String query = ""; 

     if (catids != null && catids.length > 0) { 
      for (String id : catids) { 
       queryMiddle = queryMiddle + prefix + "?"; 
       prefix = ","; 
      } 
      query = queryStart + queryMiddle + queryEnd; 
      System.out.println(query); 
      Class.forName(....); 
      Connection conn = DriverManager.getConnection(....); 
      PreparedStatement stmt = conn.createPreparedStatement(query); 
      int i = 1; 
      for (String id : catids) { 
       stmt.setInt(i++, Integer.parseInt(id)); 
      } 
      ResultSet rs = stmt.executeQuery(query); 
      while (rs.next()) { 
       int fragenid = rs.getInt("id"); 
       System.out.println("ID = " + fragenid); 
      } 
     } 
    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
}

使用每个参数的占位符使用PreparedStatement是“最佳实践”的方式,以避免SQL注入。

来源

2012-12-13 12:57:37

+0

非常感谢!我的另一个问题是,将servlet中的cati文件给予bean:“FrageBean f = FragenBean.getRandomQuestionByCategory(catids);”我怎样才能给我的bean的String []变量?谢谢 – pythoniosIV

+0

为什么不把'getRandomQuestionByCategory'的形式参数声明为一个数组? –

2

在你的课堂上创建下面的方法。放入适当的驱动程序类和url连接并将字符串作为字符串数组传递。

假设:我假设列“quest_id”的类型是INT的表追求

public void displayRecords(String[] catids) 
{ 
    try 
    { 

     String queryStart = "select id from quest where quest_id in ("; 
     String queryMiddle = ""; 
     String prefix = ""; 
     String queryEnd = ")"; 
     String query = ""; 

     if (catids != null && catids.length > 0) 
     { 
      for (String id : catids) 
      { 
       queryMiddle = queryMiddle + prefix + id; 
       prefix = ","; 
      } 

      query = queryStart + queryMiddle + queryEnd; 
      System.out.println(query); 

      Class.forName("DriverClass...................."); 
      Connection conn = DriverManager.getConnection("connection url .................."); 
      Statement stmt = conn.createStatement(); 
      ResultSet rs = stmt.executeQuery(query); 

      while (rs.next()) 
      { 
       int fragenid = rs.getInt("id"); 
       System.out.println("ID = " + fragenid); 
      } 
     } 
    } 
    catch (Exception e) 
    { 
     e.printStackTrace(); 
    } 
}

来源

2012-12-13 12:18:15

+0

非常感谢你!我的另一个问题是,将servlet中的catids提供给bean: “FrageBean f = FragenBean.getRandomQuestionByCategory(catids);” 我怎样才能给我的bean的String []变量?谢谢 – pythoniosIV

+1

这实际上是一个危险的答案。认为“SQL注入”! –

+0

@StephenC =如果您正在使用** java.sql.Satement **,那么您就是真的,那么它很容易受到sql注入的影响。在将其发送到数据库之前,您需要注意并验证您的输入。但它需要一些时间,这是因为** sunmicrosystem **尚未弃用此接口。谢谢 –

相关问题

 相关问题