INFO: Server startup in 1054 ms java.sql.SQLException: ORA-00904: "USHA": invalid identifier

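I am trying to run a simple servlet program (in eclipse10.0, oracle10g, tomcat6.0) that retrieves data from a table, but I am unable to do it. I have checked many forums about my code, but I still get the same error. Please help me. My code is: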

 entermail.html

<body>
    <form action="getdata">
    <p> Plz enter Your name ID Below to get your Details</p> 
     <input type="text" name="uname" >
     <input type="submit" value="G@">

    </form>
  </body>

<servlet>
    <servlet-name>MyServletdb</servlet-name>
    <servlet-class>com.myservlets.demo.Servletdb</servlet-class>
  </servlet>

    <servlet-mapping>
    <servlet-name>MyServletdb</servlet-name>
    <url-pattern>/getdata</url-pattern>
  </servlet-mapping>    
  <welcome-file-list>
    <welcome-file>enteremail.html</welcome-file>
  </welcome-file-list>
</web-app>




public class Servletdb extends HttpServlet {

    private static final long serialVersionUID = 1L;
    Connection con;
    Statement st;
    ResultSet rs;
    PrintWriter out;
    String s1="jdbc:oracle:thin:@localhost:1521:XE",name;
    String s2="system";
    String s3="orclpass";

    public void init(ServletConfig sc) throws ServletException {
        // DB connection code
        try{
            Class.forName("oracle.jdbc.driver.OracleDriver");
            con=DriverManager.getConnection(s1,s2,s3);
            st=con.createStatement();
            super.init(sc);

        }
        catch (Exception e) {
            // TODO: handle exception
            e.printStackTrace();
        }
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try{
        response.setContentType("text/html");
        out = response.getWriter();
        name=request.getParameter("uname");
        rs=st.executeQuery("select *from details where FIRSTNAME="+name+"");

        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println("  <HEAD><TITLE>A Servlet</TITLE></HEAD>");
        out.println("  <BODY>");
        while(rs.next()){
            out.println(rs.getString(1)+"  "+rs.getString(2)+"  "+rs.getString(3)+"  "+rs.getString(4));
        }
        out.println("  </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
        rs.close();
        }catch (Exception e) {
            // TODO: handle exception
            e.printStackTrace();
        }   
    }

    public void destroy() {
        super.destroy(); // Just puts "destroy" string in log
        try{
            st.close();
            con.close();

        }catch (Exception e) {
            // TODO: handle exception
            e.printStackTrace();
        }
    }

}
Finally, the table I have in the orcl DB is:
details: FIRSTNAME LASTNAME ADDRESS EMAILID

Error: INFO: Server startup in 1080 ms java.sql.SQLException: ORA-00904: "USHA": invalid identifier

at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:331)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:288)
at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:743)
at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:207)
at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:790)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1038)
at oracle.jdbc.driver.T4CStatement.executeMaybeDescribe(T4CStatement.java:830)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1133)
at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1273)
at com.myservlets.demo.Servletdb.doGet(Servletdb.java:48)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)

This is the problem:

// BROKEN (will give query such as "select * from details where FIRSTNAME=Jon")
rs=st.executeQuery("select *from details where FIRSTNAME="+name+"");

I suspect you meant to add single quotes around the value of name, so that the where clause looks like where FIRSTNAME='Jon', like this:

// WARNING: DO NOT USE (keep reading) even though it works in simple cases
rs = st.executeQuery("select *from details where FIRSTNAME='" + name + "'");

...but that's still not a good way of solving the problem, as it's vulnerable to SQL injection attacks. Instead, you should use a prepared statement - open the connection, then use:

PreparedStatement query =
    conn.prepareStatement("select * from details where FIRSTNAME=?");
query.setString(1, name);
ResultSet results = query.executeQuery();
...

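Note that I'd open the connection separately on each request and close it when you're done (using a try-with-resources statement), using a connection pool for efficiency. This is cleaner than trying to safely share a single connection between multiple threads.

For more details on using prepared statements, see the JDBC tutorial on PreparedStatement.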
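
The servlet from the question with the answer's advice applied, as an added example that is not part of the original question or answer. It assumes Java 7 or later and a pooled DataSource registered under the hypothetical JNDI name jdbc/DetailsDB; the table and column names are the ones given in the question.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class Servletdb extends HttpServlet {
    private DataSource pool; // thread-safe; each request borrows its own connection
    @Override
    public void init() throws ServletException {
        try {
            // Assumption: the container exposes a connection pool under this hypothetical JNDI name.
            pool = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/DetailsDB");
        } catch (NamingException e) {
            throw new ServletException("DataSource lookup failed", e);
        }
    }
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String name = request.getParameter("uname"); // local variable, not a field shared across threads
        if (name == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "uname is required");
            return;
        }
        response.setContentType("text/plain"); // plain text, so stored values are not parsed as markup
        PrintWriter out = response.getWriter();
        String sql = "select FIRSTNAME, LASTNAME, ADDRESS, EMAILID from details where FIRSTNAME = ?";
        try (Connection conn = pool.getConnection();
             PreparedStatement query = conn.prepareStatement(sql)) {
            query.setString(1, name); // bound as data; quotes in the value cannot change the SQL text
            try (ResultSet results = query.executeQuery()) {
                while (results.next()) {
                    out.println(results.getString(1) + "  " + results.getString(2) + "  " + results.getString(3) + "  " + results.getString(4));
                }
            }
        } catch (SQLException e) {
            throw new ServletException("Query failed", e); // surfaces the failure instead of swallowing it
        }
    }
}
```

Because the value is bound rather than concatenated, a name such as USHA is compared as a string instead of being parsed as a column identifier, which is what produced ORA-00904 in the original code.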