```
<%@ page language="java" import="java.util.*, java.sql.*" pageEncoding="utf-8"%>
<%@page import="com.util.SQLConn"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>登陆跳转servlet</title>
</head>
<body>
<%
String usernum = request.getParameter("usernum");
String userpwd = request.getParameter("userpwd");
Connection conn = SQLConn.openDB();
// Precompile the query with PreparedStatement
PreparedStatement pstmt = conn.prepareStatement("select UserId, Code,Login from User_ZC where UserId=? and Code=? and Login=0");
pstmt.setString(1, usernum);
pstmt.setString(2, userpwd);
ResultSet rs = pstmt.executeQuery();
boolean v = rs.next();
if(v){
    final String UPDATE_SQL = "update User_ZC set Login=? where UserId=?";
    int count = 0;
    try {
        Connection connn = SQLConn.openDB();
        PreparedStatement pstmte = conn.prepareStatement(UPDATE_SQL);
        {
            pstmt.setInt(1, 1);
            pstmt.setString(2, usernum);
            count = pstmt.executeUpdate();
        }
    } catch (SQLException e) {
        e.printStackTrace();
    }
    if (count > 0){
        request.getRequestDispatcher("ZCS.jsp").forward(request, response);
    }else{System.out.print("登陆失败");}
} else{
    request.getRequestDispatcher("ZCB.jsp").forward(request, response);
}
%>
</body>
</html>
```
Find the bug
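Time: 2024-01-17 08:02:43 Views: 28
On line 24, the already-precompiled PreparedStatement object pstmte should be used, rather than calling the conn.prepareStatement() method again to create a new PreparedStatement object. The correct code should be: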
```
pstmte.setInt(1, 1);
pstmte.setString(2, usernum);
count = pstmte.executeUpdate();
```
Related questions
```
<%@ page language="java" import="java.util.*, java.sql.*" pageEncoding="utf-8"%>
<%@page import="com.util.SQLConn"%>
<%@page import="org.apache.commons.lang3.*" %>
<%@page import="com.util.LOGS" %>
<html>
<body>
<%-- Get the front-end data --%>
<%
String username = request.getParameter("username");
String usernum = request.getParameter("usernum");
String name=request.getParameter("ytime");
String mon=request.getParameter("mtime");
String num=request.getParameter("rtime");
String people = request.getParameter("people");
%>
<%-- Define the SQLConn class and the INSERT_SQL constant --%>
<%
final String INSERT_SQL = "INSERT INTO YuYue(UserID, Time, People) VALUES (?, ?, ?)";
%>
<%-- Perform the database operation --%>
<%
int count = 0;
try {Connection conn = SQLConn.openDB();
    PreparedStatement pstmt = conn.prepareStatement(INSERT_SQL);
    {
        pstmt.setString(1, usernum);
        pstmt.setString(2, name+mon+num);
        pstmt.setString(3, people);
        count = pstmt.executeUpdate();
    }} catch (SQLException e) {
    e.printStackTrace();
}
%>
<%-- Act on the result of the operation --%>
<c:choose>
    <c:when test="${count > 0}">
        <%-- On success, redirect to ZCS.jsp --%>
        <c:redirect url="ZCS.jsp"/>
    </c:when>
    <c:otherwise>
        <%-- On failure, redirect to ZCB.jsp --%>
        <c:redirect url="../ZCB.jsp"/>
    </c:otherwise>
</c:choose>
</body>
</html>
```
Optimize the code
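Here are some suggestions for optimizing the code:
1. On the second line, the asterisk wildcard in the import statement should be avoided; the classes or interfaces that are actually needed should be imported explicitly.
2. On line 10, the INSERT_SQL constant can be defined in the SQLConn class and referenced from there, to improve the maintainability and reusability of the code.
3. On line 12, the PreparedStatement object should be used with a try-with-resources statement, so that resources are released automatically and resource leaks are avoided.
4. On lines 16 to 22, EL expressions can be used instead of JSTL tags, to simplify the code and improve readability.
Based on the suggestions above, the optimized code is as follows: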
```
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="java.util.*, java.sql.*"%>
<%@ page import="com.util.SQLConn"%>
<%@ page import="com.util.LOGS"%>
<%@ page import="org.apache.commons.lang3.*"%>
<%-- The JSTL core taglib must be declared, otherwise the c:if tags below are not evaluated --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert Data</title>
</head>
<body>
<%-- Get the front-end data --%>
<%
    String username = request.getParameter("username");
    String usernum = request.getParameter("usernum");
    String name = request.getParameter("ytime");
    String mon = request.getParameter("mtime");
    String num = request.getParameter("rtime");
    String people = request.getParameter("people");
%>
<%-- Perform the database operation --%>
<%
    int count = 0;
    // SQLConn.INSERT_SQL is the constant moved into SQLConn, as suggested in point 2
    try (Connection conn = SQLConn.openDB();
         PreparedStatement pstmt = conn.prepareStatement(SQLConn.INSERT_SQL)) {
        pstmt.setString(1, usernum);
        pstmt.setString(2, name + mon + num);
        pstmt.setString(3, people);
        count = pstmt.executeUpdate();
    } catch (SQLException e) {
        e.printStackTrace();
    }
    // EL cannot see scriptlet local variables, so expose count as a page-scoped attribute
    pageContext.setAttribute("count", count);
%>
<%-- Act on the result of the operation --%>
<c:if test="${count > 0}">
    <%-- On success, forward to ZCS.jsp --%>
    <jsp:forward page="ZCS.jsp"></jsp:forward>
</c:if>
<c:if test="${count <= 0}">
    <%-- On failure, forward to ZCB.jsp --%>
    <jsp:forward page="../ZCB.jsp"></jsp:forward>
</c:if>
</body>
</html>
```
The optimized code is more concise, easier to read and easier to maintain, and it avoids some problems that could otherwise occur.
```
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@page import="com.util.SQLConn"%>
<%@page import="java.sql.*" %>
<%@page import="java.sql.Statement" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<html>
<body>
<%
// Get the front-end data
String username = request.getParameter("username");
String usernum = request.getParameter("usernum");
String userpwd = request.getParameter("userpwd");
// Perform the database operation
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
int count = 0;
try {
    conn = SQLConn.openDB();
    String sql = "INSERT INTO User_ZC(UserID, Name, Code, Power) VALUES (?, ?, ?, ?)";
    pstmt = conn.prepareStatement(sql);
    pstmt.setString(1, usernum);
    pstmt.setString(2, username);
    pstmt.setString(3, userpwd);
    pstmt.setInt(4, 1);
    count = pstmt.executeUpdate();
} catch (SQLException e) {
    e.printStackTrace();
} finally {
    SQLConn.closeDB(conn, pstmt, rs);
}
// Act on the result of the operation
if (count > 0) {
    request.getRequestDispatcher("ZCS.jsp").forward(request,response);
} else {
    request.getRequestDispatcher("ZCB.jsp").forward(request,response);
}
%>
</body>
</html>
```
Optimize the code
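First, the code needs to be layered, separating the database operations from the retrieval of front-end data. Then a try-with-resources statement can be used in place of the traditional try-catch-finally statement, to avoid redundant code. Finally, the SQL statement can be extracted into a constant, which makes the code easier to maintain.
The optimized code is as follows: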
```
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@page import="com.util.SQLConn"%>
<%@page import="java.sql.*" %>
<%@page import="java.sql.Statement" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<html>
<body>
<%-- Get the front-end data --%>
<%
    String username = request.getParameter("username");
    String usernum = request.getParameter("usernum");
    String userpwd = request.getParameter("userpwd");
%>
<%-- Perform the database operation --%>
<%
    int count = 0;
    try (Connection conn = SQLConn.openDB();
         PreparedStatement pstmt = conn.prepareStatement(INSERT_SQL)) {
        pstmt.setString(1, usernum);
        pstmt.setString(2, username);
        pstmt.setString(3, userpwd);
        pstmt.setInt(4, 1);
        count = pstmt.executeUpdate();
    } catch (SQLException e) {
        e.printStackTrace();
    }
%>
<%-- Act on the result of the operation --%>
<%
    if (count > 0) {
        request.getRequestDispatcher("ZCS.jsp").forward(request, response);
    } else {
        request.getRequestDispatcher("ZCB.jsp").forward(request, response);
    }
%>
<%-- SQL statement constant --%>
<%!
    // A JSP declaration (<%! ... %>) makes this a class member; "private static final"
    // is not legal on a local variable inside a scriptlet (<% ... %>).
    private static final String INSERT_SQL = "INSERT INTO User_ZC(UserID, Name, Code, Power) VALUES (?, ?, ?, ?)";
%>
</body>
</html>
```
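The layering recommended in the answer above, combined with the corrected login update from the first answer, as an added example that is not part of the original page. `UserDao` and its method names are hypothetical, and `SQLConn.openDB()` is assumed to return a `java.sql.Connection`; the SQL text is taken from the page.

```java
package com.util; // assumed: the same package as the page's SQLConn

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical data-access class: only SQLConn.openDB() and the SQL text come from the page.
public final class UserDao {
    private static final String SELECT_SQL =
        "select UserId, Code, Login from User_ZC where UserId=? and Code=? and Login=0";
    private static final String UPDATE_SQL = "update User_ZC set Login=? where UserId=?";
    private static final String INSERT_SQL =
        "INSERT INTO User_ZC(UserID, Name, Code, Power) VALUES (?, ?, ?, ?)";

    // Returns true if the credentials matched a row with Login=0 and the flag was set to 1.
    public static boolean login(String usernum, String userpwd) throws SQLException {
        try (Connection conn = SQLConn.openDB();
             PreparedStatement select = conn.prepareStatement(SELECT_SQL)) {
            select.setString(1, usernum);
            select.setString(2, userpwd);
            try (ResultSet rs = select.executeQuery()) {
                if (!rs.next()) {
                    return false; // no matching row
                }
            }
            // Bind and execute the UPDATE statement itself, not the SELECT statement.
            try (PreparedStatement update = conn.prepareStatement(UPDATE_SQL)) {
                update.setInt(1, 1);
                update.setString(2, usernum);
                return update.executeUpdate() > 0;
            }
        }
    }

    // Returns true if the new user row was inserted.
    public static boolean register(String usernum, String username, String userpwd)
            throws SQLException {
        try (Connection conn = SQLConn.openDB();
             PreparedStatement insert = conn.prepareStatement(INSERT_SQL)) {
            insert.setString(1, usernum);
            insert.setString(2, username);
            insert.setString(3, userpwd);
            insert.setInt(4, 1);
            return insert.executeUpdate() > 0;
        }
    }
}
```

With this in place, a JSP only reads the request parameters, calls `UserDao.login(...)` or `UserDao.register(...)`, and forwards to ZCS.jsp or ZCB.jsp according to the boolean result.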