基本问题:如果我要把 edit 框中的内容存入数据库,但是因为内容中包含双引号、单引号等特殊字符,在组合 SQL 语句的时候有点问题,JSP 有没有类似的函数可以把这些特殊字符转换掉?然后在显示的时候,把从数据库得到的内容,再用一个函数复原? 解决方案 » 两种解决方案。1:用 HTML 转义符。2:SQL 参数用 ? 号。 使用 PreparedStatement,参考以下的代码:import java.sql.Connection;import java.sql.PreparedStatement;import java.sql.SQLException;public class StudentDao { public int addStudent(Student stu) { Connection con = null; PreparedStatement ps = null; int rows = 0; try { con = ConnectionFactory.getConnection(); String sql = "INSERT INTO student (name, age, address) VALUES (?,?,?)"; ps = con.prepareStatement(sql); ps.setString(1, stu.getName()); ps.setInt(2, stu.getAge()); ps.setString(3, stu.getAddress()); rows = ps.executeUpdate(); }catch(SQLException e) { e.printStackTrace(); }finally{ try { ps.close(); con.close(); }catch(SQLException e) { e.printStackTrace(); } } return rows; }}public class Student { private String name; private int age; private String address; public String getAddress() { return address; } public void setAddress(String address) { this.address = address; } public int getAge() { return age; } public void setAge(int age) { this.age = age; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String toString() { return this.name + ", " + this.age + ", " + this.address; }}import java.beans.PropertyVetoException;import java.sql.Connection;import java.sql.SQLException;import com.mchange.v2.c3p0.ComboPooledDataSource;/** * 数据库连接工厂 * 采用C3P0连接池,一个很不错的连接池 * http://sourceforge.net/projects/c3p0 */public class ConnectionFactory { private ConnectionFactory(){ } private static ComboPooledDataSource ds = new ComboPooledDataSource(); static { try { ds.setDriverClass("com.mysql.jdbc.Driver"); ds.setJdbcUrl("jdbc:mysql://localhost:3306/test"); ds.setUser("root"); ds.setPassword("root"); ds.setMaxPoolSize(5); ds.setMinPoolSize(2); 
ds.setMaxStatements(100); } catch (PropertyVetoException e) { e.printStackTrace(); } } public static synchronized Connection getConnection() { Connection con = null; try { con = ds.getConnection(); } catch (SQLException e1) { e1.printStackTrace(); } return con; }} 在 .NET 里可以往 SQL 语句里加参数,例如: System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand("SELECT [purview] FROM [user] WHERE [username] collate Chinese_PRC_CS_AS_WS=@username AND [password] collate Chinese_PRC_CS_AS_WS=@password", conn); command.Parameters.Add(new System.Data.SqlClient.SqlParameter("@username", System.Data.SqlDbType.NVarChar, 50)); command.Parameters.Add(new System.Data.SqlClient.SqlParameter("@password", System.Data.SqlDbType.NVarChar, 50)); command.Parameters[0].Value = UserName.Text.Trim(); command.Parameters[1].Value = Password.Text.Trim();Java 应该有类似的功能(对应上面 PreparedStatement 的 ? 参数)。
1:用 HTML 转义符(针对页面显示时的特殊字符)。
2:SQL 参数用 ? 号(PreparedStatement 占位符,不再手工拼接 SQL 字符串)。
import java.sql.PreparedStatement;
import java.sql.SQLException;public class StudentDao {
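/**
 * Inserts one student row using a parameterised INSERT.
 *
 * <p>The three values are bound through {@code PreparedStatement} setters
 * instead of being concatenated into the SQL text, so quotes or other special
 * characters in the input are data to the driver, never SQL; no hand-written
 * escaping is needed.
 *
 * @param stu the student whose name, age and address are stored
 * @return the number of rows inserted, or 0 when the insert did not happen
 *         (a {@link SQLException} is printed rather than propagated, so the
 *         return value alone does not tell a failure from a no-op insert)
 */
public int addStudent(Student stu) {
    Connection con = null;
    PreparedStatement ps = null;
    int rows = 0;
    try {
        con = ConnectionFactory.getConnection();
        // getConnection() reports pool failures by returning null; turn that
        // into the SQLException path instead of a NullPointerException below.
        if (con == null) {
            throw new SQLException("no database connection available");
        }
        String sql = "INSERT INTO student (name, age, address) VALUES (?,?,?)";
        ps = con.prepareStatement(sql);
        ps.setString(1, stu.getName());
        ps.setInt(2, stu.getAge());
        ps.setString(3, stu.getAddress());
        rows = ps.executeUpdate();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        // Close each resource on its own: a null or failing statement close
        // must not skip closing (and thereby leak) the pooled connection.
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (con != null) {
            try {
                con.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
    return rows;
}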
}public class Student {
private String name;
private int age;
private String address;
/**
 * Returns the stored address.
 *
 * @return the address, or {@code null} if it was never set
 */
public String getAddress() {
    return this.address;
}
/**
 * Replaces the stored address.
 *
 * @param address the new address; stored as given, no validation is applied
 */
public void setAddress(String address) {
    this.address = address;
}
/**
 * Returns the stored age.
 *
 * @return the age; 0 if it was never set
 */
public int getAge() {
    return this.age;
}
/**
 * Replaces the stored age.
 *
 * @param age the new age; stored as given, no range check is applied
 */
public void setAge(int age) {
    this.age = age;
}
/**
 * Returns the stored name.
 *
 * @return the name, or {@code null} if it was never set
 */
public String getName() {
    return this.name;
}
/**
 * Replaces the stored name.
 *
 * @param name the new name; stored as given, no validation is applied
 */
public void setName(String name) {
    this.name = name;
}
/**
 * Renders the student as {@code name, age, address}.
 *
 * <p>Unset string fields are rendered as the text {@code null}, exactly as
 * string concatenation would print them.
 *
 * @return the comma-separated representation
 */
@Override
public String toString() {
    StringBuilder out = new StringBuilder();
    out.append(this.name)
       .append(", ")
       .append(this.age)
       .append(", ")
       .append(this.address);
    return out.toString();
}
}import java.beans.PropertyVetoException;
import java.sql.Connection;
import java.sql.SQLException;import com.mchange.v2.c3p0.ComboPooledDataSource;/**
* 数据库连接工厂
* 采用C3P0连接池,一个很不错的连接池
* http://sourceforge.net/projects/c3p0
*/
public class ConnectionFactory { private ConnectionFactory(){
}
private static ComboPooledDataSource ds = new ComboPooledDataSource();
// One-time configuration of the c3p0 pool, run when the class is loaded.
// NOTE(review): the JDBC URL, the user name and the password are literals in
// source, and the account is "root"; for anything beyond a local test they
// belong in external configuration under a least-privilege database account.
static {
try {
ds.setDriverClass("com.mysql.jdbc.Driver");
ds.setJdbcUrl("jdbc:mysql://localhost:3306/test");
ds.setUser("root");
ds.setPassword("root");
// Pool sizing: at most 5 connections, at least 2 kept open.
ds.setMaxPoolSize(5);
ds.setMinPoolSize(2);
ds.setMaxStatements(100);
} catch (PropertyVetoException e) {
// A rejected setting is only printed: the pool stays partly configured and
// the problem surfaces later as a failure in getConnection().
e.printStackTrace();
}
}
/**
 * Hands out a connection from the shared c3p0 pool.
 *
 * <p>Callers are expected to {@code close()} the connection, which returns it
 * to the pool.
 *
 * @return a pooled connection, or {@code null} if the pool could not supply
 *         one (the {@link SQLException} is printed, not propagated)
 */
public static synchronized Connection getConnection() {
    try {
        return ds.getConnection();
    } catch (SQLException failure) {
        failure.printStackTrace();
        return null;
    }
}
}
// Parameterised query: the user-supplied values travel as typed NVarChar
// parameters, so quotes in the input cannot change the SQL text itself.
// Note that the query compares the [password] column directly with the
// submitted text; the snippet illustrates parameter binding, not how
// credentials should be stored or checked.
System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand("SELECT [purview] FROM [user] WHERE [username] collate Chinese_PRC_CS_AS_WS=@username AND [password] collate Chinese_PRC_CS_AS_WS=@password", conn);
System.Data.SqlClient.SqlParameter userParam = new System.Data.SqlClient.SqlParameter("@username", System.Data.SqlDbType.NVarChar, 50);
userParam.Value = UserName.Text.Trim();
System.Data.SqlClient.SqlParameter passwordParam = new System.Data.SqlClient.SqlParameter("@password", System.Data.SqlDbType.NVarChar, 50);
passwordParam.Value = Password.Text.Trim();
// Add in the same order as before so positional access to Parameters still works.
command.Parameters.Add(userParam);
command.Parameters.Add(passwordParam);
Java 应该有类似的功能(对应上面 PreparedStatement 的 ? 参数)。