英文:
the method does not check the value properly
问题
static boolean checkCode(String Code, Connection conn) throws SQLException {
Statement s;
String cc = null;
try {
String Statement = "SELECT Code from Courses where Code='" + Code + "'";
s = conn.createStatement();
ResultSet rs = s.executeQuery(Statement);
while (rs.next()) {
cc = rs.getString("Code");
}
if (Code.equalsIgnoreCase(cc))
return true;
else
return false;
} catch (SQLException e) {
}
return false;
}
我正在使用 switch case,但有 3 个情况无法正常工作(使用课程代码进行删除、使用课程代码进行更新以及使用课程代码查看特定课程),所以我认为问题出在 checkCode 方法中。请问是否有人可以帮忙解决?
英文:
static boolean checkCode(String Code, Connection conn) throws SQLException {
Statement s;
String cc = null;
try {
String Statement = "SELECT Code from Courses where Code="+ Code;
s = conn.createStatement();
ResultSet rs = s.executeQuery(Statement);
while (rs.next()) {
cc = rs.getString("Code");
}
if((Code.equalsIgnoreCase(cc)))
return true;
else
return false;
}
catch (SQLException e) {}
return false;
}
I am using switch case and 3 cases aren't working properly ( delete using the course's code, update using the course's code, and view specific course using the course's code ) so I think the error in checkCode method. Could someone please help?
答案1
得分: 0
你正在选择一个值,其中一个值等于它本身。我只会获取匹配记录的计数。接下来,您没有关闭方法中打开的任何资源。而且,您在静默处理任何发生的异常。最后,您没有使用PreparedStatement,因此您的查询(至少乍一看)容易受到SQL注入的攻击。
类似这样,
static boolean checkCode(String Code, Connection conn) throws SQLException {
String query = "SELECT count(*) from Courses where Code=?";
try (PreparedStatement ps = conn.prepareStatement(query)) {
ps.setString(1, Code);
try (ResultSet rs = ps.executeQuery()) {
if (rs.next()) {
return rs.getInt(1) > 0;
}
}
} catch (SQLException e) {
e.printStackTrace();
}
return false;
}
英文:
You are selecting a value where a value is equal to itself. I would just get a count of matching records. Next, you aren't closing any of the resources you open in your method. And, you are silently swallowing any exceptions that occur. Finally, you aren't using PreparedStatement so your query (at least at first glance) is vulnerable to sql injection.
Something like,
static boolean checkCode(String Code, Connection conn) throws SQLException {
String query = "SELECT count(*) from Courses where Code=?";
try (PreparedStatement ps = conn.prepareStatement(query)) {
ps.setString(1, Code);
try (ResultSet rs = ps.executeQuery()) {
if (rs.next()) {
return rs.getInt(1) > 0;
}
}
} catch (SQLException e) {
e.printStackTrace();
}
return false;
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论