錯誤在我的數據庫的servlet

Question

我寫一個數據庫的servlet連接，一切似乎都很好，只是似乎是一個錯誤在我的連接

import java.io.IOException; 
import java.sql.Connection; 
import java.sql.DriverManager; 
import java.sql.PreparedStatement; 
import java.sql.ResultSet; 
import java.sql.SQLException; 
import java.sql.Statement; 
import java.util.ArrayList; 

import javax.servlet.RequestDispatcher; 
import javax.servlet.ServletContext; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServlet; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

public class DBServlet3 extends HttpServlet 
{ 
    private static final long serialVersionUID = 1L; 

    @Override 
    public void init() throws ServletException 
    { 
     super.init(); 
     try 
     { 
      String jdbcDriverClass= 
       getServletContext().getInitParameter("jdbcDriverClass"); 
      if (jdbcDriverClass == null) 
       throw new ServletException("Could not find jdbcDriverClass initialization parameter"); 
      Class.forName(jdbcDriverClass); 
     } 
     catch (ClassNotFoundException e) 
     { 
      throw new ServletException("Could not load JDBC driver class", e); 
     } 
    } 

    @Override 
    protected void doGet(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException 
    { 
     RequestDispatcher dispatcher= 
      request.getRequestDispatcher("/db.jsp"); 

     ServletContext application= getServletContext(); 

     ArrayList<String> names= new ArrayList<String>(); 

     try 
     { 

      Connection connection= null; 
      Statement statement= null; 
      ResultSet results= null; 

      try 
      { 
       String jdbcUrl= application.getInitParameter("jdbcUrl"); 
       String jdbcUser= application.getInitParameter("jdbcUser"); 
       String jdbcPassword= application.getInitParameter("jdbcPassword"); 

       connection= 
        DriverManager.getConnection(jdbcUrl, jdbcUser, jdbcPassword); 

       statement= connection.createStatement(); 

       results= statement.executeQuery("SELECT * FROM students"); 

       while (results.next()) 
       { 
        String name= results.getString("name"); 
        names.add(name); 
       } 
      } 
      finally 
      { 
       if (results != null) 
        results.close(); 
       if (statement != null) 
        statement.close(); 
       if (connection != null) 
        connection.close(); 
      } 
     } 
     catch (SQLException e) 
     { 
      throw new ServletException(e); 
     } 

     request.setAttribute("names", names); 

     dispatcher.forward(request, response); 
    } 

    @Override 
    protected void doPost(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException 
    { 
     String sql= "INSERT INTO students VALUES (" + 
      request.getParameter("id") + ", '" + request.getParameter("name") + "')"; 

     sql= "INSERT INTO students VALUES (?, ?, ?, ?)"; 

     PreparedStatement statement= connection.prepareStatement(sql); //error on this line 

     statement.setString(1, request.getParameter("id")); 
     statement.setString(2, request.getParameter("name")); 
    } 

} 

Answer 1

我並不清楚具體是什麼問題，我會編輯添加一個堆棧跟蹤。但是，一些觀察。

1. 你要和關閉您的doGet()方法的連接，但你沒有一個在你doPost()方法。所以這會導致錯誤。您應該按照請求以一致的方式獲得連接，並且可能（進一步）查看連接池框架，如C3P0或Apache DBCP。
2. 而不是從建立字符串形成SQL，檢查出PreparedStatements。他們將導致更少的錯誤代碼，並保護您免受SQL注入攻擊。您的servlet中有serialVersionUid。你真的需要序列化你的servlet嗎（我懷疑不是）？
3. Apache DbUtils會爲你做很多繁重的工作。 vanilla JDBC（例如，它將關注結果集/語句/連接關閉序列）。