Why is this statement rs=st.executeQuery(query); not executing? How can I select only one table, depending on an input type=radio, from MySQL out of two tables?

Front-end | Unresolved | 2 | 558
爱一瞬间的悲伤 2021-01-28 03:09

Why is this query rs=st.executeQuery(query); not executed to select a table from database?

  String gender = request.getParameter("gender");
  if

2 answers
  •  感情败类
    2021-01-28 03:23

    You are missing a space here in the string:

    "select * from " +table+ " where username like '"+name+ "'" AND password like '"+abc+" '
    

    Add that space in the first string and you would have the right query. And then try again.

    And also you should not use String concatenation for SQL, as it is vulnerable to SQL injection attacks. Instead, use query parameters.

    For more information on how to do that read here:
    http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement
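An added example, not code from the question or the answer above, showing what the answer's advice looks like in Java: the radio value picks the table through an allow-list (a table name is a SQL identifier and cannot be bound with a `?`), while the username and password travel as bind parameters of a PreparedStatement. The table names `male_users`/`female_users` and the column names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;

public class RadioTableLookup {

    // Allow-list mapping the radio value to a table. The table name is a SQL
    // identifier, so it cannot be bound as a parameter and must never be taken
    // straight from the request. Table names here are assumed, not from the page.
    private static final Map<String, String> TABLE_BY_GENDER = Map.of(
            "male", "male_users",
            "female", "female_users");

    /**
     * Looks up a user in the table selected by the radio value.
     * Returns true if a matching row exists, false otherwise.
     */
    public static boolean findUser(Connection con, String gender,
                                   String name, String password) throws SQLException {
        String table = TABLE_BY_GENDER.get(gender);
        if (table == null) {
            // Unknown radio value: reject it rather than building SQL from it.
            throw new IllegalArgumentException("unsupported gender value");
        }

        // Only the allow-listed identifier is concatenated. User-supplied values
        // go into bind parameters, so quotes in the input stay plain data.
        // "=" is used instead of LIKE so that "%" and "_" in the input are not
        // treated as wildcards.
        String sql = "SELECT * FROM " + table
                + " WHERE username = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

In a servlet this would be called as `findUser(con, request.getParameter("gender"), request.getParameter("name"), request.getParameter("password"))`; the hard-coded parameter names are assumptions.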
