Surround With->Try/Catch Block.
INSERT-TimeStamp尽量不要这么去用,它会给你的查询带来困惑.
insert into huo (openid,shuzi) values ('x','1');
Creates a PreparedStatement object for sending parameterized SQL statements to the database.
A SQL statement with or without IN parameters can be pre-compiled and stored in a PreparedStatement object. This object can then be used to efficiently execute this statement multiple times.
PreparedStatement能很好地帮你解决SQL注入的问题,前提是每条SQL里的参数都用占位符(?)来绑定,而不是拼接到SQL字符串里.但是PreparedStatement针对不同的数据库会有不同的实现:有些数据库的驱动(也可能和你用的JDK版本有关)只是把参数简单地拼装或者替换进SQL,所以你要注意看看你使用的是什么驱动.
不去过多的涉及到跟J2EE/J2SE的东西了.
package net.server;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;

import net.db.DBUtil;
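public class HouServer {
    /**
     * Saves one record into the {@code huo} table.
     *
     * <p>Both values are bound as statement parameters rather than concatenated into the SQL
     * text, so quotes or other SQL syntax inside {@code openid} or {@code shuzi} are stored as
     * data and cannot change the statement. (A plain {@code Statement}, the parent interface of
     * {@code PreparedStatement}, offers no parameter binding.)
     *
     * @param openid value written to the {@code openid} column
     * @param shuzi value written to the {@code shuzi} column
     * @throws SQLException if no connection could be obtained or the insert fails; service-layer
     *     errors are thrown outwards so the caller is told that the operation failed
     */
    public static void saveJiLu(String openid, String shuzi) throws SQLException {
        Connection conn = DBUtil.getConn();
        if (conn == null) {
            // DBUtil.getConn() reports a failed connection attempt by returning null.
            throw new SQLException("could not obtain a database connection");
        }
        try {
            PreparedStatement stmt =
                    conn.prepareStatement("insert into huo (openid,shuzi) values (?,?)");
            try {
                stmt.setString(1, openid);
                stmt.setString(2, shuzi);
                stmt.executeUpdate();
            } finally {
                // Release the statement even when the insert throws.
                stmt.close();
            }
        } finally {
            // What close() means depends on the data source / connection pool in use: it can be
            // a physical close or a logical one that returns the connection to the pool. Some
            // teams manage connections with a data source of their own; this topic comes up
            // often in job interviews.
            conn.close();
        }
    }
}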
package net.db;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
/**
 * Hands out JDBC connections.
 *
 * <p>Placeholder implementation: swap in a real data source here once one is adopted.
 */
public class DBUtil {
    /**
     * Loads the MySQL driver class and opens a connection to the local {@code wx} database.
     *
     * <p>NOTE(review): the JDBC URL and the credentials are hard-coded, and the connection is
     * opened as {@code root} with an empty password. Use at least one dedicated account per
     * database, granted only what the caller needs (some accounts insert-only, some update-only,
     * some read-only; Oracle has roles for this), and read the settings from configuration.
     *
     * @return an open connection, or {@code null} when the driver class is missing or the
     *     connection attempt fails (the exception is only printed, not rethrown)
     */
    public static Connection getConn() {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // No properties/XML configuration is read yet: write the business logic first, then
            // refactor to a config file, MyBatis, Hibernate or another connection wrapper.
            return DriverManager.getConnection("jdbc:mysql://localhost:3306/wx", "root", "");
        } catch (ClassNotFoundException driverMissing) {
            driverMissing.printStackTrace();
        } catch (SQLException connectFailed) {
            connectFailed.printStackTrace();
        }
        return null;
    }
}
package net.wxinterface;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dom4j.DocumentException;
import wx.event.Subscribe_Unsubscribe;
import wx.in.In;
import wx.in.In_Image;
import wx.in.In_Text;
import wx.in.In_Util;
import wx.in.In_Video;
import wx.in.In_Voice;
import wx.out.Out_Image;
import wx.out.Out_News;
import wx.out.Out_Text;
import wx.out.Out_Video;
import wx.out.Out_Voice;
import wx.util.Util;
import com.imooc.po.TextMessage;
import com.imooc.util.MessageUtil;
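public class WX_Interface extends HttpServlet {

    /**
     * Token that is combined with the request's timestamp and nonce to form the signature.
     *
     * <p>NOTE(review): a hard-coded, guessable token lets anyone produce a matching signature;
     * load a long random value from configuration instead.
     */
    private static final String TOKEN = "test";

    /** Creates the servlet. */
    public WX_Interface() {
        super();
    }

    /** Releases the servlet; nothing beyond the superclass behaviour is done. */
    @Override
    public void destroy() {
        super.destroy();
    }

    /**
     * Answers the endpoint-verification request.
     *
     * <p>The expected signature is the lower-case hex SHA-1 digest of the token, the
     * {@code timestamp} parameter and the {@code nonce} parameter, sorted and concatenated.
     * {@code echostr} is written back only when the {@code signature} parameter matches it.
     *
     * @param request the request; reads {@code signature}, {@code timestamp}, {@code nonce} and
     *     {@code echostr}
     * @param response the response that receives {@code echostr} on success
     * @throws ServletException declared by the servlet API
     * @throws IOException declared by the servlet API
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");
        try {
            // A request that lacks any of the parameters cannot be verified; ignore it instead
            // of letting Arrays.sort fail on a null element.
            if (signature != null && timestamp != null && nonce != null && echostr != null) {
                String[] parts = {TOKEN, timestamp, nonce};
                Arrays.sort(parts);
                StringBuilder joined = new StringBuilder();
                for (String part : parts) {
                    joined.append(part);
                }
                // SHA-1 is what this signature scheme uses; an explicit charset keeps the digest
                // independent of the platform default.
                MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
                String expected = toHex(sha1.digest(joined.toString().getBytes("UTF-8")));
                // Compare without stopping at the first differing byte.
                if (MessageDigest.isEqual(expected.getBytes("UTF-8"), signature.getBytes("UTF-8"))) {
                    // echostr is not part of the signed data, so send it as plain text to keep a
                    // browser from interpreting it as markup.
                    response.setContentType("text/plain");
                    response.getOutputStream().println(echostr);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        // Debug output. NOTE(review): these values come straight from the request; strip line
        // breaks before they go to a real log.
        System.out.println("test0");
        System.out.println("doGet");
        System.out.println("signature "+signature);
        System.out.println("timstamp "+timestamp);
        System.out.println("nonce "+nonce);
        System.out.println("echostr "+echostr);
        System.out.println("doGet");
    }

    /**
     * Handles a pushed message and writes the reply.
     *
     * <p>A {@code subscribe} event gets a welcome text. A text message must be an integer below
     * 1000, otherwise an explanatory text is returned. Any other message type is answered with
     * a prompt to choose a number.
     *
     * <p>NOTE(review): unlike {@link #doGet}, this handler does not verify a request signature.
     * If the platform also signs message pushes (confirm against its documentation), check the
     * signature here before the body is parsed. {@code In}, {@code In_Text} and
     * {@code Subscribe_Unsubscribe} receive the raw body and their implementations are not
     * shown; if they parse XML, confirm that DTDs and external entities are disabled.
     *
     * @param request the request whose body holds the incoming message
     * @param response the response that receives the reply
     * @throws ServletException declared by the servlet API
     * @throws IOException if the body cannot be read or the reply cannot be written
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        String requestStr = Util.getStringFromRequest(request);
        In in = new In(requestStr);
        // Debug output; this prints the raw, untrusted request body.
        System.out.println(requestStr);
        System.out.println("北风网");
        Subscribe_Unsubscribe subscribeEvent = new Subscribe_Unsubscribe(requestStr);

        String reply = null;
        if ("event".equals(in.getMsgType())) {
            // Welcome text shown when a user follows the account.
            if ("subscribe".equals(subscribeEvent.getEvent())) {
                Out_Text welcome = new Out_Text(subscribeEvent);
                welcome.setContent("欢迎你关注本微信号。本游戏说明");
                reply = welcome.getStr();
            }
        } else if ("text".equals(in.getMsgType())) {
            In_Text inText = new In_Text(requestStr);
            Out_Text outText = new Out_Text(in);
            try {
                int number = Integer.parseInt(inText.getContent());
                // NOTE(review): the comparison on this line was cut off in the published
                // listing; it is rebuilt from the reply text, which asks for a value below
                // 1000. Confirm against the original source.
                if (number >= 1000) {
                    outText.setContent("这个数字太大了,应该小于1000");
                }
                // TODO: record the number in the database.
            } catch (NumberFormatException notANumber) {
                outText.setContent("这个不是数字");
            }
            // The original built the "too large" reply but never wrote it; every branch now
            // sends its reply.
            reply = outText.getStr();
        } else {
            Out_Text prompt = new Out_Text(in);
            prompt.setContent("请选择一个数字");
            reply = prompt.getStr();
        }

        if (reply != null) {
            out.print(reply);
        }
        out.flush();
        out.close();
    }

    /**
     * Initializes the servlet; nothing to set up.
     *
     * @throws ServletException declared by the servlet API
     */
    @Override
    public void init() throws ServletException {
    }

    /** Formats bytes as lower-case hexadecimal, two digits per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            int unsigned = b & 0xff;
            if (unsigned < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toString(unsigned, 16));
        }
        return hex.toString();
    }
}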