问题
Why is this query rs=st.executeQuery(query); not executed to select a table from database?
String gender = request.getParameter("gender");
if (gender != null) {
String table = gender.equals("teacher") ? "teacher2" : "student";
String query ="select username,password from " +table+ " where username='"+name+"' AND password='"+abc+"'";
rs=st.executeQuery(query); //Why This statement having error
}
Mysql Query for this table enter image description herei think this query is wrong
"select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";
I have two tables one is for the teacher and one is for students both have all same columns with same data type.
How can I select table from mysql database to get login. I have two tables one is for student and one is for teacher if user select teacher, radio button and enter username and password if user username and password equals to mysql database username and password he will get login same case is for student if he select student radio but and enter username and password if username, password equals to student table of mysql username, password he will get login.
Why this query is not executed to select a table
rs=st.executeQuery(query);
image of error coming
enter image description here //error
index.jsp
<form method="GET " action="statement.jsp" autocomplete="on">
<input id="username" name="username" required="required" type="text" placeholder="Username"/>
<input id="password" name="password" required="required" type="password" placeholder="Password" />
<input type="radio" name="gender" value="teacher" checked/> Teacher
<input type="radio" name="gender" value="Student"/>Student
<input type="submit" value="Login" />
</form>
statement.jsp
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="com.mysql.jdbc.Statement"%>
<%@page import="com.mysql.jdbc.Connection"%>
<%@page import=" java.sql.SQLException" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@include file="db conn.jsp" %>
<%
String name=request.getParameter("username");
String abc=request.getParameter("password");
String gender = request.getParameter("gender");
if (gender != null) {
String table = gender.equals("teacher") ? "teacher2" : "student";
String query ="select username,password from "+table+" where username='"+name+"' AND password='"+abc+"'";
rs=st.executeQuery(query); //Why This statement having error
}
if(rs.next())
{
response.sendRedirect("main.jsp");
}
else
{
response.sendRedirect("index.jsp");
}
%>
db conn.jsp // For database connection
<%@page import="com.mysql.jdbc.Connection"%>
<%@page import="com.mysql.jdbc.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.DriverManager"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Hello World!</h1>
<%@ page import ="java.sql.*" %>
<%
Connection c1 = null;
Statement st = null;
ResultSet rs = null;
Class.forName("com.mysql.jdbc.Driver");
c1 = (Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/teacher","root", "abcde");
{
System.out.println("Couldn't find the driver!");
System.out.println("Couldn't connect: print out a stack trace and exit.");
System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
st = (Statement) c1.createStatement();
System.out.println("Statement Created Successfully");
{
System.out.println("We got an exception while creating a statement:" + "that probably means we're no longer connected.");
}
if (c1!= null) {
System. out.println("Hooray! We connected to the database!");
} else {
System.out.println("We should never get here.");
}}
%>
error
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Exception in JSP: /statement.jsp:29
26: String table = gender.equals("teacher") ? "teacher2" : "student";
27: // replace dots with your values
28: String query ="select * from " +table+ "where username='"+name+"' AND password='"+abc+"'";
29: st.executeQuery(query);
30:
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:451)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:355)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
回答1:
You are missing a space here in the string:
"select * from " +table+ " where username like '"+name+ "'" AND password like '"+abc+" '
Add that space in the first string and you would have the right query. And then try again.
And also you should not use String concatenation for SQL as it vulnerable to SQL injection attack. Instead use query parameters.
For more information on how to do that read here:
http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement
回答2:
"select * from ' " +table+ " ' where username like '"+name+ "'" AND password like '"+abc+" '
U should call the value of column following format
' " + variablename + " '
来源:https://stackoverflow.com/questions/38706549/why-this-statement-rs-st-executequeryquery-is-not-excuting-how-can-i-select