0
我用一個簡單的servlet代碼:Servlets顯示不同的輸出?
myCon = DriverManager.getConnection(url);
myStmt = myCon.createStatement();
ResultSet rs;
String course = req.getParameter("Course").trim();
out.println(course);///////HERE IS THE PROBLEM
String query="select * from TBSolvedbanks where COURSE_CODE='"+course+"' ;";
rs=myStmt.executeQuery(query);
out.println("<BANKS>");
while(rs.next())
{
out.println("<BANK>");
out.println("<NUMBER>"+rs.getString("NUMBER")+"</NUMBER>");
out.println("<NAME>"+rs.getString("NAME")+"</NAME>");
out.println("<TITLE>"+rs.getString("TITLE")+"</TITLE>");
out.println("<DESCRIPTION>"+rs.getString("DESCRIPTION")+"</DESCRIPTION>");
out.println("<MODULE_TAG>"+rs.getString("MODULE_TAG")+"</MODULE_TAG>");
out.println("<ADDITIONAL_TAGS>"+rs.getString("ADDITIONAL_TAGS")+"</ADDITIONAL_TAGS>");
out.println("</BANK>");
}
out.println("</BANKS>");
}
當我運行JBoss服務器上的代碼,它工作正常,並打印這樣的:
BEME1104
<BANKS>
<BANK>
<NUMBER>1</NUMBER>
<NAME>firstbank</NAME>
<TITLE>Question Bank 1</TITLE>
<DESCRIPTION>in this file,we discussed basic things including shortnotes of Properties of substances and aproaches</DESCRIPTION>
<MODULE_TAG>MODULE I</MODULE_TAG>
<ADDITIONAL_TAGS>Uses of point,path function,processes,equilibrium,curves</ADDITIONAL_TAGS>
</BANK>
但是當我評論這條線
out.println(course);
它打印沒有標籤的值像這樣:
"1 firstbank Question Bank 1 in this file,we discussed basic things including shortnotes of Properties of substances and aproaches MODULE I Uses of point,path function,processes,equilibrium,curves"
我不知道,而相同的代碼運行在另一個servlet.Please細幫助我,我是新來的servlet爲什麼我面對這個問題?
你的代碼對於SQL注入攻擊是開放的,你應該小心。 – maba 2013-04-05 09:05:36