为什么request.getParameter()方法返回null?
问题描述:
我有一个静态HTML文档,将表单发布到Java servlet。然后servlet获取表单的值并将它们转发给SQL数据库。但是,问题在于,当我确信该值不为空时,数据库声明一个值为null。为什么request.getParameter()方法返回null?
这里是形式:
<form method="post" action="Handler" target="_blank" enctype="multipart/form-data">
<div class="row uniform 50%">
<div class="6u 12u(mobilep)">
<input type="text" name="name" id="name" placeholder="Username" />
</div>
<div class="6u 12u(mobilep)">
<input type="email" name="email" id="email" placeholder="Email" />
</div>
</div>
<div class="row uniform 50%">
<div class="6u 12u(mobilep)">
<input type="password" name="password" id="password" placeholder="Password" />
</div>
</div>
<div class="row uniform 50%">
<div class="12u">
<textarea name="bio" id="bio" placeholder="Describe yourself" maxlength="200" rows="3"></textarea>
</div>
</div>
<div class="row uniform">
<div class="12u">
<ul class="actions align-center">
<li><input type="submit" value="Send Message" /></li>
</ul>
</div>
</div>
</form>
下面是servlet代码:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
Connection c = null;
PrintWriter op = response.getWriter();
response.setContentType("text/html");
try{
Class.forName("com.mysql.jdbc.Driver");
c = DriverManager.getConnection(DB_URL, "root", "root");
}catch(Exception s){
op.println("<html>");
op.println("<body><h1><strong>"+ "Error: "+ s +"</strong></h1></body>");
op.println("</html>");
}
String username = request.getParameter("name");
String email = request.getParameter("email");
String pass = request.getParameter("password");
String bio = request.getParameter("bio");
String proPicName = "false";
Long time = System.currentTimeMillis();
String sysTime = time.toString();
Statement stmt = null;
try{
stmt = c.createStatement();
stmt.execute("USE dvlpr;");
stmt.execute("INSERT INTO user_tbl (username, email, password, bio, pro_pic, last_on, date_created)" + " VALUES ("+username+", "+email+", "+pass+", "+bio+", "+proPicName+", "+sysTime+", "+sysTime+");");
op.println("<html>");
op.println("<body><h1><strong>Connection made! Username: " + username+ " Email: " + email+ " Your account has been created. We'll keep your password private, too. Thanks!</strong></h1>");
op.println("</body>");
op.println("</html>");
}catch(Exception s){
op.println("<html>");
op.println("<body><h1><strong>"+ "Error: "+ s +"</strong></h1></body>");
op.println("</html>");
}
}
错误代码如下:
Error:com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Column 'username' cannot be null
这是为什么返回null?
答
参数很好。由于语法,查询没有正确执行。该值本身需要用引号引起来,所以应该是这样的:
VALUES('"+username+"',....
正如你可以看到我加了双引号前一个',一次次让'将产生的字符串的一部分。 就像在任何其他SQL插入你会做VALUES('MyUsername', 'MyPassword',...);。
而且你可能想使用一个执行方法,而不是2所以这将是:
stmt.execute("USE dvlpr; INSERT INTO....");
而且也没有必要为+之前" VALUES
+1
即使这个答案在实践中“修复”了问题,但是唯一正确的方法是通过参数化SQL(即使用PreparedStatement)。记住[Bobby Tables](https://xkcd.com/327/)? –
切换到使用['PreparedStatement's ](http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html),你的问题可能会消失。 (否则每个值都需要用单引号括起来(''')) –
您是否在调试器中检查过“用户名”?它是设置还是为空?顺便说一句,@MickMnemonic对于PreparedStatements是正确的。 – Keammoort
你真的知道'request.getParameter'返回null吗?还是你认为这是因为数据库抛出错误? – Brandon