工作,我有一个网页,它允许用户输入一个词,这个词被提交时,它会从MySQL数据库中删除。但问题是该声明没有被执行。MYSQL Delete语句不与Java Servlet的
我的形式:
<form id="rem1" action="removeGER" method="GET">
<input type="text" name="wordToRemoveGER" placeholder="Entry (GER)">
<input type="submit" id="removeBtnGER" value="Remove Entry">
</form>
我的servlet:
@WebServlet(name = "removeGER", urlPatterns = {"/removeGER"})
public class removeGER extends HttpServlet {
/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String wordGER = request.getParameter("wordToRemoveGER");
PrintWriter out = response.getWriter();
out.println("<!DOCTYPE html>");
out.println("<html>");
out.println("<head>");
out.println("<title>Remove Word</title>");
out.println("</head>");
out.println("<body>");
Connection conn = null;
try {
// Database Checking Area
SimpleDataSource.init("/database.properties");
} catch (ClassNotFoundException ex) {
Logger.getLogger(Register.class.getName()).log(Level.SEVERE, null, ex);
}
try {
conn = SimpleDataSource.getConnection();
Statement stat = conn.createStatement();
//ResultSet result =
stat.executeQuery(" DELETE FROM `word` WHERE `word` = \""+wordGER+"\"");
out.println("<h2>You have successfully removed the word " + wordGER + "!</h2>");
} catch (SQLException ex) {
Logger.getLogger(removeID.class.getName()).log(Level.SEVERE, null, ex);
}
out.println("</body>");
out.println("</html>");
}
}
我知道该字符串被正确地从表单中检索,我知道正在执行try块。这个问题似乎与mysql语句本身有关。
每个'executeQuery()'命令只能使用一个查询。你有两个('SET'和'DELETE'命令)。 – maja
您已经成功创建了一个可能的* SQL注入*!你应该使用准备好的语句.. – maja