Java getString from resultSet cuts off string at first space or takes substring inside of ''


Question


I have a servlet that queries a MySQL db and then displays the data in a table. I have a column that is called type and it is a string. When I do

rs.getString("type")

without using an input item I get the full string (rs is the resultSet). But when I do this:

<input name="class" type="text" value=<%=rs.getString("type")%>>

If the string has a space, i.e. 'ABC DEF', then it will only have a value of 'ABC'. Or if the string is ''1' ABC' then the value is only '1'.

How can I get the full value to be in the value?

Answer 1

Score: 1


I believe your question is similar to the one asked in https://stackoverflow.com/questions/20832989/getstring-from-resultset-with-spaces. You should perhaps try storing the result of rs.getString() in a variable and display it with quotes in your HTML. For example, if the string returned is 'ABC DEF', then it'd look like:

<input name="class" type="text" value=ABC DEF>

The proper way to do this would be

<input name="class" type="text" value="ABC DEF">

Your code is, however, very vulnerable to SQL injection. Please check the link I provided for a more complete answer to your question.

huangapple
  • Posted on August 17, 2020, 09:31:14