我很難從多個表中檢索數據。它將成爲一個搜索表單及其關係數據庫。如何從Java Servlet中的多個表(PostgreSQL)中檢索數據?
問題1:如何從多個表中檢索數據?
問題2:同時我面臨的另一個問題是,我不能得到任何結果,如果我嘗試只能通過名稱或姓氏進行搜索。只有當我使用出生日期時纔會得到結果。爲什麼?
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
java.io.PrintWriter out = response.getWriter();
Connection conn = null;{ // while there is no connections, proceed to the next step
try {
Class.forName("org.postgresql.Driver"); // importing the driver to use the getConnection method
conn = DriverManager.getConnection(
"jdbc:postgresql://localhost:5432/caglar", "postgres", //?searchpath=cag
"abracadabra");
System.out.println("Connected to the database"); // console message
String agent_name = request.getParameter("givenname"); // variable - reads from user input
String agent_lastname = request.getParameter("familyname"); // variable - reads from user input
String dob = request.getParameter("birthyear"); // variable - reads from user input
ArrayList al=null;
ArrayList agent_list =new ArrayList();
//Problem 1: If dob is not given, it is not searching by name or lastname.
//String query = "select * from agent where givenname='"+agent_name+"' or familyname='"+agent_lastname+"' or birthyear='"+dob+"' order by givenname";
String query = "select * from agent where givenname='"+agent_name+"' or familyname='"+agent_lastname+"' ";
if(dob!=null && !"".equals(dob)) // if date of birth fiel is left blank, it will still proceed to the results page
query = query + " or birthyear='"+dob+"'"; // if date of birth exists, it will take it into account as well
query = query+ "order by givenname"; // ordering by first name
System.out.println("query" + query); // console message
Statement st = conn.createStatement(); // connection statement
ResultSet rs = st.executeQuery(query); // executing our query
while(rs.next())
{
al = new ArrayList();
al.add(rs.getString(1));//id
al.add(rs.getString(2));//dob
al.add(rs.getString(3));//name
al.add(rs.getString(4));//lastname
System.out.println("al :: "+al);
agent_list.add(al);
}
request.setAttribute("agentList",agent_list);
哇,這段代碼極易受SQL注入攻擊。想象一下,如果某人提交給定名稱(不含雙引號)「myname」; DROP TABLE agent; - 「會發生什麼情況。您至少需要使用參數化查詢。 – 2012-04-24 03:11:36
雖然不是直接的答案,但我強烈建議您查看(a)Facelets/JSF2和(b)JPA2。無論如何,請顯示您正在從工作和非工作測試用例生成的查詢文本。 – 2012-04-24 03:14:13
據推測,如果DoB沒有被給出,它不會匹配任何東西。這意味着您的給定名稱/姓氏WHERE子句總是評估爲false。沒有數據,爲什麼很難說。這可能是大小寫敏感,引用或各種各樣的事情。 – 2012-04-24 03:17:09