我正在从 AddStudent.jsp 的表单操作中调用 InserStudent.jsp 文件
从我想将数据插入数据库的位置。
我的数据库表的结构如下:
ID|Name|RollNumber|PhoneNumber|StudyProgram|Status
下面是InserStudent.jsp的代码
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import="java.sql.*" %>
<!DOCTYPE html>
<html>
<body>
<%
String nam=request.getParameter("stuname");
String roll=request.getParameter("sturoll");
String phone=request.getParameter("stuphone");
String prog=request.getParameter("stuprogram");
String stats=request.getParameter("stustatus");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String url = "jdbc:odbc:stdProjectDataDSN";
Connection c = DriverManager.getConnection(url);
Statement statement = c.createStatement() ;
String sql = "insert into students (ID, NAME, RollNumber, PhoneNumber, StudyProgram, Status )";
sql += "values ( '"+ nam +"','"+ nam +"','"+ roll +"','"+ phone +"','"+ prog +"',"+ stats +" )";
statement.execute ( sql );
c.close();
response.sendRedirect("ManageAllStudent.jsp");
%>
</body>
</html>
这会导致以下异常:
HTTP Status 500
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: An exception occurred processing JSP page /web/InserStudent.jsp at line 27
24: Statement statement = c.createStatement() ;
25: String sql = "insert into students (ID, NAME, RollNumber, PhoneNumber, StudyProgram, Status )";
26: sql += "values ( '"+ nam +"','"+ nam +"','"+ roll +"','"+ phone +"','"+ prog +"',"+ stats +" )";27: statement.execute ( sql );
28: c.close(); 29: 30: response.sendRedirect("ManageAllStudent.jsp");Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:521) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:412) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
root cause
javax.servlet.ServletException: java.sql.SQLException: [Microsoft][ODBC Microsoft Access > Driver] Too few parameters. Expected 1. note The full stack trace of the root cause is available in the Apache Tomcat/6.0.35 logs.javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
我错过了什么或者我做错了什么?在 ShowAllStudent.jsp 页面中,它显示了我使用相同脚本的数据库中的所有数据。
最佳答案
您不应该在 JSP 中编写 Java 代码(请阅读 SO FAQ - How to avoid Java Code in JSP)。您必须添加 Servlet 才能执行数据库操作。
除此之外,您还必须了解 JDBC API 的工作原理,正如 @BalusC 评论的那样,您的代码是 sql 注入(inject)漏洞的受害者。为了避免 SQL 注入(inject),请使用 PrepreadStatement(参数化查询)。
Connection cn=null;
PreparedStatement ps=null;
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String url = "jdbc:odbc:stdProjectDataDSN";
Connection c = DriverManager.getConnection(url);
try{
String sql="insert into students (ID,NAME,RollNumber,PhoneNumber,StudyProgram,Status)
Values (?,?,?,?,?,?)";
ps=cn.prepareStatement(sql);
ps.setInt(1,10);
ps.setString(2,nam);
...
ps.executeUpdate()
}catch(SQLException ex){
}finally{
if(ps!=null){
try { ps.close(); } catch(Exception ex) {}
}
if(cn!=null){
try { cn.close(); } catch(Exception ex) {}
}
}
PS:如果列 ID 是自动生成的数字,则不要包含在您的列集中。
String sql="insert into students (NAME,RollNumber,PhoneNumber,StudyProgram,Status)
Values (?,?,?,?,?)";
关于java - java.sql.SQLException : [Microsoft][ODBC Microsoft Access > Driver] Too few parameters. 预期 1,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11254745/