通过复选框和提交按钮删除mysql多条记录
我无法处理我的应用程序的这一部分。我必须从 jsp 页面删除 mysql 数据库中的一些记录(从数据库正确加载),选中复选框并单击提交按钮。 即使数据正确显示,数据库中也不会删除任何内容 这是代码:
这是类
/* ArticoliManager.java */
public class ArticoliManager {
public void cancellaArticolo(String chboxArticoliDaCancellare[]) throws SQLException{
Connection con = DBConnectionPool.getConnection();
PreparedStatement ps = null;
try {
for(String deleteThem:chboxArticoliDaCancellare){
String query = "DELETE * FROM articoli WHERE id='"+deleteThem+"'";
ps = con.prepareStatement(query);
ps.executeUpdate();
con.commit();
}
}
finally {
if (ps != null) {
try {
ps.close();
}
catch (SQLException ignored) {
}
}
try {
con.close();
}
catch (SQLException ignored) {
}
}
}
}
这是 servlet
/* CancellaArticolo.java
*/
public class CancellaArticoloServlet extends HttpServlet {
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
int idArticoloDaCancellare = 0;
try {
ArticoliManager am = new ArticoliManager();
String chboxArticoliDaCancellare[] = request.getParameterValues("chbox");
am.cancellaArticolo(chboxArticoliDaCancellare);
request.getRequestDispatcher("gestione_admin.jsp").forward(request, response);
} finally {
out.close();
}
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a short description of the servlet.
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
这是 jsp 页面的一部分
/* gestione_admin.jsp */
<%
for (int i=0; i<al.size(); i++){
out.println("<table>");
out.println("<tr>");
out.println("<td>");
%>
<form action="CancellaArticolo">
<input type="checkbox" name="chbox" value="<%=+al.get(i).getId()%>"/>
<%
out.println("<b>Autore: </b>"+al.get(i).getAutore()+" <b>Articolo: </b>"+al.get(i).getTitolo()+"</td>");
out.println("</tr>");
out.println("</table>");
%>
</form>
<%
}
%>
<input type="submit" value="Cancella Articoli Selezionati"></input>
</form>
看起来几乎没问题...有什么问题吗?
I can't manage to work this part of my app. I have to delete some records (correctly loaded from DB) in mysql database from a jsp page, checking checkboxes and clicking submit button.
Even if data is correctly displayed, nothing is been deleted from DB
Here's the code:
Here's the class
/* ArticoliManager.java */
public class ArticoliManager {
public void cancellaArticolo(String chboxArticoliDaCancellare[]) throws SQLException{
Connection con = DBConnectionPool.getConnection();
PreparedStatement ps = null;
try {
for(String deleteThem:chboxArticoliDaCancellare){
String query = "DELETE * FROM articoli WHERE id='"+deleteThem+"'";
ps = con.prepareStatement(query);
ps.executeUpdate();
con.commit();
}
}
finally {
if (ps != null) {
try {
ps.close();
}
catch (SQLException ignored) {
}
}
try {
con.close();
}
catch (SQLException ignored) {
}
}
}
}
Here's the servlet
/* CancellaArticolo.java
*/
public class CancellaArticoloServlet extends HttpServlet {
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException {
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession();
int idArticoloDaCancellare = 0;
try {
ArticoliManager am = new ArticoliManager();
String chboxArticoliDaCancellare[] = request.getParameterValues("chbox");
am.cancellaArticolo(chboxArticoliDaCancellare);
request.getRequestDispatcher("gestione_admin.jsp").forward(request, response);
} finally {
out.close();
}
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Handles the HTTP <code>POST</code> method.
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
processRequest(request, response);
} catch (SQLException ex) {
Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a short description of the servlet.
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>
Here's part of the jsp page
/* gestione_admin.jsp */
<%
for (int i=0; i<al.size(); i++){
out.println("<table>");
out.println("<tr>");
out.println("<td>");
%>
<form action="CancellaArticolo">
<input type="checkbox" name="chbox" value="<%=+al.get(i).getId()%>"/>
<%
out.println("<b>Autore: </b>"+al.get(i).getAutore()+" <b>Articolo: </b>"+al.get(i).getTitolo()+"</td>");
out.println("</tr>");
out.println("</table>");
%>
</form>
<%
}
%>
<input type="submit" value="Cancella Articoli Selezionati"></input>
</form>
it seems almost allright... what's the problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
复选框值必须是项目的 ID。像这样的事情:
当您费心调试 chboxArticoliDaCancellare 值时,您应该已经发现了这一点。正如您所看到的,它们都是
“chkbox”。您还需要确保输入元素都位于与应该发送所需数据的提交按钮相同
与具体问题无关,您没有正确使用
PreparedStatement。那里仍然存在 SQL 注入漏洞,因为您在 SQL 字符串内连接了用户控制的请求参数值,而不是使用占位符?与PreparedStatement#setXxx()调用。另外,考虑看看 JSTL/EL,它会让你的演示代码更干净。The checkbox value must be the ID of the item. Something like this:
You should already have discovered this when you bothered to debug the
chboxArticoliDaCancellarevalues. As you had it, they are all"chkbox".You also need to ensure that the input elements are all inside the same
<form>as the submit button which is supposed to send the desired data along. So, basically:Unrelated to the concrete problem, you're not using
PreparedStatementcorrectly. You still have a SQL injection hole there because you concatenated the user-controlled request parameter value inside the SQL string instead of using a placeholder?with aPreparedStatement#setXxx()call. Also, consider looking at JSTL/EL, it will make your presentation code cleaner.