Why do I get "Column 'ASD' is either not in any table in the FROM list or appears within a join specification"?

When I run my code, I get the following exception:

java.sql.SQLSyntaxErrorException: Column 'ASD' is either not in any table in the FROM list or appears within a join specification and is outside the scope of the join specification or appears in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE statement then 'ASD' is not a column in the target table.

This is the error that is printed for exception e.

This is my code:

String driver = "org.apache.derby.jdbc.ClientDriver"; 
String connectionUrl = "jdbc:derby://localhost:1527/"; 
String database = "EmployeeDB"; 
String DBid = "app"; 
String DBpass = "app";
    <%
    try{
    Connection connection = DriverManager.getConnection(connectionUrl+database, DBid, DBpass);
    Statement stt=connection.createStatement();
    //String sql ="select * from USERPROFILE where username="+Sname;
    String sql ="select * from USERPROFILE where username="+Sname;
    

    out.print("<br>4Welcome to Session Page: SQL "+sql);
    out.print("<br>5Welcome to Session Page: result "+Spass);
    ResultSet resultSQL = stt.executeQuery(sql);
    out.print("<br>6Welcome to Session Page: result "+Spass);
    while(resultSQL.next()){
    out.print("<br>7Welcome to Session Page: Name "+Sname+ " Pass "+Spass);
%>
<!DOCTYPE html>
<html>
<body>
<button onclick="history.back()">Go Back</button>
<h1>Update data from database in jsp</h1>
<form method="post" action="update-process.jsp">
<br>
<input type="hidden" name="id" value="<%=resultSQL.getString("id") %>">
Username:<br>
<input type="text" name="username" value="<%=resultSQL.getString("username") %>">
<br>
Password:<br>
<input type="text" name="password" value="<%=resultSQL.getString("password") %>">
<br>
Contact:<br>
<input type="text" name="contact" value="<%=resultSQL.getString("contact") %>">
<br>
Email:<br>
<input type="text" name="email" value="<%=resultSQL.getString("email") %>">
<br>
Work hour per Week<br>
<input type="text" name="workhour" value="<%=resultSQL.getString("workhour") %>">
<br>
Reward:<br>
<input type="text" name="reward" value="<%=resultSQL.getString("reward") %>">
<br>
<br><br>
<input type="submit" value="submit" onclick="return confirm('Are you sure you want to update?');">
</form>
<%
    }
    connection.close();
    } catch (Exception e) {
    e.printStackTrace();
    }
%>

In your code, Sname is a String, so the query should be "SELECT * FROM USERPROFILE WHERE username='"+ Sname +"'". For an Integer use quotes like "+ Integer +", and for a String use quotes like '"+ String +"'.

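Below are some mistakes in your code.

  • This query is not safe; you must use Parameterized Queries to protect your data.
  • To avoid any syntax errors, you must use PreparedStatement instead of Statement.
  • Put all the code inside the <form> tag, because if the code is outside the <form> tag, it is not allowed to be submitted with the form.

Below is the modified code using Parameterized Queries.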


<%@ page import="java.sql.*" %>
<!DOCTYPE html>
<html>
<body>
   <button onclick="history.back()">Go Back</button>
   <h1>Update data from database in jsp</h1>
   <form method="post" action="update-process.jsp">
   <%
       try{
           String sql ="SELECT * FROM USERPROFILE WHERE username = ?";
           Connection connection = DriverManager.getConnection(connectionUrl + database, DBid, DBpass);
           PreparedStatement stt = connection.prepareStatement(sql);
           stt.setString(1, Sname);

           out.print("<br>4Welcome to Session Page: SQL " + sql);
           out.print("<br>5Welcome to Session Page: result " + Spass);

           ResultSet resultSQL = stt.executeQuery();

           out.print("<br>6Welcome to Session Page: result " + Spass);

           while(resultSQL.next()){
                out.print("<br>7Welcome to Session Page: Name " + Sname + " Pass " + Spass);
   %>
   <br>
   <input type="hidden" name="id" value="<%=resultSQL.getString("id") %>">
   Username:<br>
   <input type="text" name="username" value="<%=resultSQL.getString("username") %>">
   <br>
   Password:<br>
   <input type="text" name="password" value="<%=resultSQL.getString("password") %>">
   <br>
   Contact:<br>
   <input type="text" name="contact" value="<%=resultSQL.getString("contact") %>">
   <br>
   Email:<br>
   <input type="text" name="email" value="<%=resultSQL.getString("email") %>">
   <br>
   Work hour per Week<br>
   <input type="text" name="workhour" value="<%=resultSQL.getString("workhour") %>">
   <br>
   Reward:<br>
   <input type="text" name="reward" value="<%=resultSQL.getString("reward") %>">
   <br>
   <br><br>
   <input type="submit" value="submit" onclick="return confirm('Are you sure you want to update?');">
<%
           }
           stt.close();
           connection.close();
       } catch (Exception e) {
           e.printStackTrace();
       }
%>
</form>
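
The difference between the concatenated query in the question and the bound parameter in the answer, as an added example that is not part of the original posts. It assumes the Derby embedded driver is on the classpath; the class name, the in-memory database `demo` and the sample rows are constructed for illustration.

```java
import java.sql.*;

// Added example, not from the original post. Assumes the Derby embedded driver is on the classpath.
public class UserLookupDemo {
    // The question's approach: the value is pasted into the SQL text and parsed as SQL.
    static int concatLookup(Connection c, String name, boolean quoted) throws SQLException {
        String literal = quoted ? "'" + name + "'" : name;
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery("SELECT * FROM USERPROFILE WHERE username=" + literal)) {
            return count(rs);
        }
    }

    // The answer's approach: the value is bound to the ? placeholder and never parsed as SQL.
    static int boundLookup(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("SELECT * FROM USERPROFILE WHERE username = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return count(rs);
            }
        }
    }

    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // In-memory database with constructed sample rows.
        try (Connection c = DriverManager.getConnection("jdbc:derby:memory:demo;create=true")) {
            try (Statement st = c.createStatement()) {
                st.executeUpdate("CREATE TABLE USERPROFILE (id INT, username VARCHAR(40))");
                st.executeUpdate("INSERT INTO USERPROFILE VALUES (1, 'ASD'), (2, 'O''Brien')");
            }
            for (String name : new String[] {"ASD", "O'Brien"}) {
                for (int mode = 0; mode < 3; mode++) {
                    String label = mode == 0 ? "unquoted concat" : mode == 1 ? "quoted concat" : "bound parameter";
                    try {
                        int rows = mode == 2 ? boundLookup(c, name) : concatLookup(c, name, mode == 1);
                        System.out.println(label + " [" + name + "]: " + rows + " row(s)");
                    } catch (SQLException e) {
                        System.out.println(label + " [" + name + "]: SQLState " + e.getSQLState());
                    }
                }
            }
        }
    }
}
```

The quoted concatenation works for ASD but fails on O'Brien, because the apostrophe ends the string literal early; the bound parameter returns one row for both names.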