通過複選框刪除mysql多條記錄並提交按鈕

Question

我無法管理我的應用程序的這部分。我必須從jsp頁面刪除mysql數據庫中的一些記錄（從數據庫正確加載），選中複選框並單擊提交按鈕。 即使正確顯示數據，沒有什麼是被從DB 刪除下面的代碼：

這裏的類

/* ArticoliManager.java */ 
public class ArticoliManager { 

public void cancellaArticolo(String chboxArticoliDaCancellare[]) throws SQLException{ 
Connection con = DBConnectionPool.getConnection(); 
PreparedStatement ps = null; 
try { 
    for(String deleteThem:chboxArticoliDaCancellare){ 
    String query = "DELETE * FROM articoli WHERE id='"+deleteThem+"'"; 
    ps = con.prepareStatement(query); 
    ps.executeUpdate(); 
    con.commit(); 
} 
} 
finally { 
    if (ps != null) { 
     try { 
      ps.close(); 
     } 
     catch (SQLException ignored) { 
     } 
    } 
    try { 
     con.close(); 
    } 
    catch (SQLException ignored) { 
    } 
} 

} 
} 

這裏的servlet的

/* CancellaArticolo.java 
*/ 
public class CancellaArticoloServlet extends HttpServlet { 

protected void processRequest(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException, SQLException { 
    response.setContentType("text/html;charset=UTF-8"); 
    PrintWriter out = response.getWriter(); 
    HttpSession session = request.getSession(); 
    int idArticoloDaCancellare = 0; 
    try { 
     ArticoliManager am = new ArticoliManager(); 
     String chboxArticoliDaCancellare[] = request.getParameterValues("chbox"); 
     am.cancellaArticolo(chboxArticoliDaCancellare); 
     request.getRequestDispatcher("gestione_admin.jsp").forward(request, response); 
    } finally {    
     out.close(); 
    } 
} 

@Override 
protected void doGet(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException { 
    try { 
     processRequest(request, response); 
    } catch (SQLException ex) { 
     Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex); 
    } 
} 

/** 
* Handles the HTTP <code>POST</code> method. 
* @param request servlet request 
* @param response servlet response 
* @throws ServletException if a servlet-specific error occurs 
* @throws IOException if an I/O error occurs 
*/ 
@Override 
protected void doPost(HttpServletRequest request, HttpServletResponse response) 
     throws ServletException, IOException { 
    try { 
     processRequest(request, response); 
    } catch (SQLException ex) { 
     Logger.getLogger(CancellaArticoloServlet.class.getName()).log(Level.SEVERE, null, ex); 
    } 
} 

/** 
* Returns a short description of the servlet. 
* @return a String containing servlet description 
*/ 
@Override 
public String getServletInfo() { 
    return "Short description"; 
}// </editor-fold> 

這裏的

JSP頁面的一部分

/* gestione_admin.jsp */ 
<%  
          for (int i=0; i<al.size(); i++){ 
          out.println("<table>"); 
          out.println("<tr>"); 
          out.println("<td>"); 
          %> 
          <form action="CancellaArticolo"> 
          <input type="checkbox" name="chbox" value="<%=+al.get(i).getId()%>"/> 
          <% 
          out.println("<b>Autore: </b>"+al.get(i).getAutore()+"     <b>Articolo: </b>"+al.get(i).getTitolo()+"</td>"); 
          out.println("</tr>"); 
          out.println("</table>"); 
          %> 
          </form> 
          <% 
          } 
          %> 
          <input type="submit" value="Cancella Articoli Selezionati"></input> 
          </form> 

看起來好像是almo好的，這是什麼問題？

Answer 1

複選框值必須是項目的ID。事情是這樣的：

<input type="checkbox" name="chbox" value="<%=al.get(i).getId()%>"/> 

您應該已經當你不屑於調試chboxArticoliDaCancellare值發現了這個。像你一樣，它們都是"chkbox"。

您還需要確保輸入元素都在相同的<form>作爲提交按鈕，它應該發送所需的數據。所以，基本上：

<form action="yourServletURL" method="post"> 
    ... 
    <input type="checkbox" ... /> 
    ... 
    <input type="checkbox" ... /> 
    ... 
    <input type="checkbox" ... /> 
    ... 
    <input type="submit" ... /> 
    ... 
</form> 

---

無關的具體問題，你沒有使用正確PreparedStatement。您仍然存在SQL注入漏洞，因爲您在SQL字符串中連接了用戶控制的請求參數值，而不是使用佔位符?和PreparedStatement#setXxx()調用。另外，考慮查看JSTL/EL，它會使您的演示代碼更清晰。