-2
什麼是在查詢中的語法錯誤:選擇從ORDER_DETAILS OID其中username = ' 「+ UNAME +」',以便通過OID DESC LIMIT 1
選擇從ORDER_DETAILS OID其中username = ' 「+ UNAME +」',以便通過oid desc limit 1; 在這裏,我gettin錯誤的語法.... PLZ的幫助!什麼是錯誤? 全碼:
<%@page import="javax.validation.constraints.Null"%>
<%@page import="java.text.SimpleDateFormat"%>
<%@page import="java.sql.*"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<%
String languages;
int price;
int tot;
String[] lang=request.getParameterValues("dish");
String event=request.getParameter("eve");
String date=request.getParameter("date");
String place=request.getParameter("place");
String person=request.getParameter("PERSON");
String uname=(String)session.getAttribute("username");
String oid="0";
int row=32;
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/ready to serve", "root", "");
Statement st=con.createStatement();
st.executeUpdate("insert into order_details(event_date,PLACE,NO_OF_PERSON,Event,UserName)values('"+date+"','"+place+"','"+person+"','"+event+"','"+uname+"')");
String getoid= "select oid from order_details where UserName= '"+uname+"' order by oid desc limit 1";
ResultSet rs= st.executeQuery(getoid);
if(rs.next())
{
oid=rs.getString(1);
}
int noof=Integer.parseInt(request.getParameter("PERSON"));
tot=0;
ResultSet pric= st.executeQuery("select sum(a.price) from menu a,dorder b where a.dish=b.dish");
while(pric.next())
{
tot=pric.getInt(1)* noof;
}
for(int i=0;i<lang.length;i++)
{
languages = lang[i];
st.executeUpdate("insert into dorder values('"+languages+"','"+oid+"','"+uname+"')");
}
String totin="update order_details set tot='"+tot+"'where oid="+getoid;
st.executeUpdate(totin);
out.println("Data is successfully inserted into database.");
%>
</body>
</html>
1) JSP == BAD中的代碼。 2)以這種方式創建SQL命令是SQL注入的可能候選者。 3)縮進代碼以便易於閱讀 – 2014-10-06 04:05:30
數據在數據庫中插入,但'tot'的值未在表中更新...... // – 2014-10-06 04:06:19