set value = 0 while updating record in jsp

Question

I'm trying to update a column using JSP.
Here I want my count column value to be updated to zero:
count = 0
How can I do that? With this code the value is not updating.

    String code = request.getParameter("code");
    Connection conn = null;
    Statement st = null;
    ResultSet rs = null;
    PreparedStatement ps = null;
    int count = 0;

    try {
        conn = DataBaseConnection.initializeDatabase();

        String query1 = null;
        conn.setAutoCommit(false);
        query1 = "update employee set count = ? where code= ' +code+' ";
        ps = conn.prepareStatement(query1);
        ps.setInt(1, count);
        ps.executeUpdate();
    }
    catch (Exception e) {
        e.printStackTrace();
    }

Here is my record in the DB:

    employee table
    CODE     VARCHAR2(12)
    COUNT    NUMBER(3)

Answer 1

Score: 1

You can replace

    "update employee set count = ? where code= ' +code+' ";

with

    "update employee set count = ? where code= '" + code + "'";

e.g. if the value of code is xyz, then after this change the query will become:

    "update employee set count = ? where code= 'xyz'";

However, I recommend you do it as follows to avoid SQL injection:

    query1 = "update employee set count = ? where code= ?";
    ps = conn.prepareStatement(query1);
    ps.setInt(1, count);
    ps.setString(2, code);
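
The fully parameterized update recommended above, written out as a complete method. This is an added example, not code from the original question or answer. The class name `EmployeeCountReset` and the method `resetCount` are hypothetical, and the caller is assumed to pass the `java.sql.Connection` that the question obtains from `DataBaseConnection.initializeDatabase()`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Hypothetical helper class; not part of the original question or answer.
public final class EmployeeCountReset {

    // CODE is VARCHAR2(12) in the question's table: reject empty or over-long input early.
    private static final int MAX_CODE_LENGTH = 12;

    private EmployeeCountReset() {}

    /**
     * Sets employee.count to 0 for one code and returns the number of rows changed.
     * The connection is supplied by the caller and is left open.
     */
    public static int resetCount(Connection conn, String code) throws SQLException {
        if (code == null || code.isEmpty() || code.length() > MAX_CODE_LENGTH) {
            throw new IllegalArgumentException("code must be 1-" + MAX_CODE_LENGTH + " characters");
        }
        // Both values are bound, so request input never becomes part of the SQL text.
        String sql = "update employee set count = ? where code = ?";
        boolean previousAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, 0);
            ps.setString(2, code);
            int rows = ps.executeUpdate();
            // With auto-commit off, the update is not persisted until commit() is called.
            conn.commit();
            // 0 means no row matched the code, which is the symptom of the quoting mistake.
            return rows;
        } catch (SQLException e) {
            // Undo the partial transaction before reporting the failure.
            conn.rollback();
            throw e;
        } finally {
            conn.setAutoCommit(previousAutoCommit);
        }
    }
}
```

Checking the returned row count in the JSP, instead of discarding the result of `executeUpdate()`, makes a non-matching `where` clause visible immediately.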

huangapple
  • Published on October 6, 2020, 13:56:01
  • When reposting, please keep the link to this article: https://go.coder-hub.com/64220092.html