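mid cannot be resolved to a variable

So I'm stuck again. This is my code for a .JSP page. I'm trying to click on an artist's name and have it show the movies they appear in. I have everything working in the first query, but when I get to queryMovies I try to turn the movie's title back into the movie ID, which should take me to another page, and I get the error "mid cannot be resolved to a variable". What exactly am I doing wrong? Thanks.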
```jsp
<html>
<head>
<%@ include file="header.htm" %>
<%@ page import="java.sql.*" %>
<%
Class.forName("com.mysql.jdbc.Driver").newInstance();
String cs="jdbc:mysql://localhost:3306/hunters?user=root&password=password";
Connection cxn = DriverManager.getConnection(cs);
Statement stm = cxn.createStatement();
int oscar = 0;
String fname = request.getParameter("fname");
String lname = "", dob = "", nation = "", imdb = "", url = "", newaid = "", title = "", studio = "", role = "", rlsdate = "";
String queryArtist = "SELECT * FROM artist WHERE aid = '" + request.getParameter("selectedName") + "';";
ResultSet rsArtist = stm.executeQuery(queryArtist);
rsArtist.next();
fname = rsArtist.getString("fname");
lname = rsArtist.getString("lname");
dob = rsArtist.getString("dob").substring(0,4);
nation = rsArtist.getString("nation");
imdb = rsArtist.getString("imdb");
url = rsArtist.getString("url");
%>
<title><%= fname %> <%= lname %></title>
<h2><FONT COLOR="B22222"><%= fname%> <%= lname%></FONT></h2>
<p>Born in: <%= dob%></p>
<p>Nationality: <%= nation%></p>
<p>IMDB Bio: <a href="http://www.imdb.com/name/<%= imdb%>/" target="_blank">http://www.imdb.com/name/<%= imdb%>/</a></p>
<%
if (url == null)
{
    out.println("<br />");
}
else
{
    out.println("Website: <a href=" + url + "target=_blank>" + url + "</a><br>");
}
%>
<hr />
<h3><FONT COLOR="B22222">Filmography</FONT></h3>
<%
newaid = request.getParameter("selectedName");
String queryMovies = "SELECT * FROM artist, movies, artistmovie WHERE artistmovie.mid = movies.mid AND artist.aid = artistmovie.aid AND artist.aid = '";
queryMovies += request.getParameter("selectedName") + "';";
ResultSet rsMovies = stm.executeQuery(queryMovies);
while(rsMovies.next())
{
    title = rsMovies.getString("title");
    studio = rsMovies.getString("studio");
    rlsdate = rsMovies.getString("rlsdate");
    role = rsMovies.getString("role");
    oscar = rsMovies.getInt("oscar");
    mid = rsMovies.getInt("mid");
    out.println("<tr><td> </td><td><a href= artistmovie.jsp?SelectedTitle=" + mid + ">" + title + " <a/></td>");
    out.println("<td> </td><td>(" + studio + "</a></td>");
    out.println("<td></td><td>" + rlsdate + ")</td>");
    out.println("<td> </td><td>" + role + "</td></br></br>");
}
if (oscar == 0)
{
    out.println("<td> </td><td><br /></td>");
}
else
{
    out.println("<td> </td><td>Won oscar</td></tr>");
}
%>
<%@ include file="footer.htm" %>
</body>
</html>
```
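Unrelated to the concrete problem, you have a [SQL injection](http://en.wikipedia.org/wiki/SQL_injection) attack hole and you're leaking database resources. – BalusC 2012-04-17 17:30:34
Sorry if I'm doing it wrong, BalusC. This is a hypothetical database that won't be put up anywhere. Hopefully my newbie-ness doesn't cause any problems. – user1186518 2012-04-17 17:47:38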
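
The two issues BalusC's comment raises, applied to the filmography query, as an added example that is not part of the original question or comments: the artist id is bound through a `PreparedStatement` instead of being concatenated into the SQL, and try-with-resources closes the JDBC objects. The names `Filmography`, `Credit`, `moviesFor` and the `DB_URL` environment variable are assumptions; it needs Java 16+ and MySQL Connector/J on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class Filmography {
    // Same join as the page's queryMovies, with the artist id as a bind parameter.
    private static final String QUERY_MOVIES =
        "SELECT * FROM artist, movies, artistmovie "
      + "WHERE artistmovie.mid = movies.mid AND artist.aid = artistmovie.aid "
      + "AND artist.aid = ?";

    // One filmography row; fields follow the columns the page reads (hypothetical type).
    record Credit(int mid, String title, String studio, String rlsdate, String role, int oscar) {}

    static List<Credit> moviesFor(Connection cxn, String aid) throws SQLException {
        List<Credit> credits = new ArrayList<>();
        // try-with-resources closes the statement and result set, even when a call throws.
        try (PreparedStatement ps = cxn.prepareStatement(QUERY_MOVIES)) {
            ps.setString(1, aid); // sent as data, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    int mid = rs.getInt("mid"); // declared here; the posted scriptlet assigns mid without declaring it
                    credits.add(new Credit(mid, rs.getString("title"), rs.getString("studio"),
                            rs.getString("rlsdate"), rs.getString("role"), rs.getInt("oscar")));
                }
            }
        }
        return credits;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: JDBC URL comes from DB_URL; args[0] stands in for the selectedName parameter.
        String url = System.getenv("DB_URL");
        if (url == null || args.length == 0) {
            System.err.println("usage: DB_URL=<jdbc url> java Filmography <artist id>");
            return;
        }
        try (Connection cxn = DriverManager.getConnection(url)) { // connection is closed too
            for (Credit c : moviesFor(cxn, args[0])) {
                System.out.println(c.mid() + "\t" + c.title() + "\t" + c.role());
            }
        }
    }
}
```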