问题
I'm managing a JDBC database with Servlets/JSPs and one of the attributes I have in a table is a string which may or may not have spaces in between words. I have one JSP to display all the information and another one to edit it, on both I perform getString
to a ResultSet
and when I'm just displaying it it works fine, but on the edit JSP it only "grabs" the first word before the space and the rest of the string disappears. Here's part of the code:
PerfilUsuarioConectado.jsp (the one I use to display the data)
<%
Connection conexion = DriverManager.getConnection("jdbc:odbc:gasteizcar", "", "");
Statement set = conexion.createStatement();
ResultSet rs = set.executeQuery("SELECT * FROM Usuario WHERE correoElectronico ='" + session.getAttribute("username") + "'");
rs.next();
%>
<div id="principal">
<table border="1" align="center">
<tr>
<td> Nombre: </td>
<td> <%= rs.getString("nombre")%>
</tr>
<tr>
<td> Apellidos: </td>
<td> <%= rs.getString("apellidos")%>
</tr>
<tr>
<td> E-mail: </td>
<td> <%= rs.getString("correoElectronico")%>
</tr>
<tr>
<td> Alias: </td>
<td> <%= rs.getString("alias")%>
</tr>
<tr>
<td> Nº móvil: </td>
<td> <%= rs.getString("movil")%>
</tr>
<tr>
<td> Coche: </td>
<td> <%= rs.getString("marca") + " " + rs.getString("modelo") + " " + rs.getString("color")%>
</tr>
</table>
</div>
ModificarDatos.jsp (the one to edit the data)
<%
Connection conexion = DriverManager.getConnection("jdbc:odbc:gasteizcar", "", "");
Statement set = conexion.createStatement();
ResultSet rs = set.executeQuery("SELECT * FROM Usuario WHERE correoElectronico ='"
+ session.getAttribute("username") + "'");
int i = 0;
rs.next();
String marca = rs.getString("marca");
String modelo = rs.getString("modelo");
String color = rs.getString("color");
String movil = rs.getString("movil");
%>
<div id="principal">
<form id="datos" action="ModificarDatos" method="post">
<table border="1" align="center">
<tr>
<td> * Verificar con contraseña: </td>
<td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="password" name="password" required></td>
</tr>
<tr>
<td> ** Nueva contraseña: </td>
<td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="nuevaContrasenia" name="nuevaContrasenia"> </td>
</tr>
<tr>
<td> ** Repita la contraseña: </td>
<td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="repContrasenia" name="repContrasenia"> </td>
</tr>
<tr>
<td> * Nº de móvil: </td>
<td> <input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=<%= movil%>> </td>
</tr>
<tr>
<td> *** Marca del coche: </td>
<td> <input type="text" name="marca" id="marca" value=<%= marca%>> </td>
</tr>
<tr>
<td> *** Modelo del coche: </td>
<td> <input type="text" name="modelo" id="modelo" value=<%= modelo%>> </td>
</tr>
<tr>
<td> *** Color: </td>
<td> <input type="text" name="color" id="color" value=<%= color%>> </td>
</tr>
</table>
</div>
<input type="button" id="bActualizar" value="Actualizar datos">
So, if anyone can tell me why does the getString
method perform differently in both situations I'd be really grateful.
回答1:
The error is in these lines:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=<%= movil%>>
If your variable movil
contains abc def
, say, then the HTML generated will be this:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=abc def>
This then sets the value of the input to abc
and creates another attribute def
, which isn't recognised and will be ignored. In fact, the Markdown syntax highlighting on Stack Overflow points this out: abc
is blue, for a value, and def
is red, for an attribute name.
At the very least, you need to put quotes around the <%= movil %>
:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="<%= movil%>">
If movil
contains abc def
, this time, the output will be
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="abc def">
Now you can see that the value has been written correctly.
Aside from this, there are a further couple of comments I'd like to make:
Firstly, your code is vulnerable to SQL injection. If your
username
session variable ends up as something liketest' OR 1=1 --
, all results from the database will be returned. Worse still, if it is something liketest'; DROP TABLE Usuario;--
, you could lose data. Use PreparedStatements instead.Secondly, as pointed out by Aniket in a comment, you really shouldn't be using scriptlets
<% ... %>
in JSPs any more. Instead, you should be using JSTL tags and EL expressions. The question linked to by Aniket is a good place to start.
I appreciate this may be your first JSP application. Once you've got it working, however, I'd recommend that you consider making these changes.
回答2:
The purpose of getString () method in ResultSet class is used return the data from the column you specified as String. It can take two arguments sch as
String getString(String columnLabel) throws SQLException
String getString(String columnIndex) throws SQLException
The first one is to iterate the ResultSet using the column for ex as you specified
String marca = rs.getString("marca");
the second one could be like this
String marca = rs.getString(1);
Also iterate the result set entirely until rs.next
to get all the values from the table.More information here
Hope it helps !!
来源:https://stackoverflow.com/questions/20832989/getstring-from-resultset-with-spaces