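Delete data from database with JSP page

I'm writing an online reservation system. I have a problem with my code: users can cancel their reservations through the cancel button on the JSP page, but my code doesn't work. It can't delete the data from the database. How can I do this?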
myreservations.jsp
Book Ticket

| ActivityID | Username | Ticket | Cancel |
|---|---|---|---|
<%@ page import="java.sql.*" %>
<%
// Load the Derby client driver and connect to the database.
Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
Connection con = DriverManager.getConnection("jdbc:derby://localhost:1527/users", "users", "123");
String username = (String) request.getSession().getAttribute("username");
Statement st = con.createStatement();
ResultSet rs;
// List the reservations of the logged-in user.
rs = st.executeQuery("select * from reservation where username='" + username + "'");
while (rs.next()) {
    String activityid = rs.getString("id");
    username = rs.getString("username");
    String buy = rs.getString("buy");
    // One table row per reservation.
    out.println("");
    out.println("" + activityid + "");
    out.println("" + username + "");
    out.println("" + buy + "");
    out.println("");
    out.println("");
}
st.close();
%>
cancel.jsp
<%@ page import="java.sql.*" %>
<%
// Read the values sent with the cancel request.
String AcivityID = request.getParameter("ActivityID");
String Username = request.getParameter("Username");
String Ticket = request.getParameter("Ticket");
Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
Connection con = DriverManager.getConnection("jdbc:derby://localhost:1527/users", "users", "123");
// Build the delete statement by concatenating request values into the SQL text.
String sorgu = "delete from reservation where id='" + request.getParameter(AcivityID) + "'AND username='" + request.getParameter(Username) + "'AND buy='" + request.getParameter(Ticket) + "'";
java.sql.Statement st = con.createStatement();
int rowNum = st.executeUpdate(sorgu);
response.sendRedirect("cancelled.jsp");
st.close();
%>
2016-12-30
tripley
+0
Java code inside a JSP is just a terrible idea.
+0
Plus the SQL injection vulnerability.
+0
Just learning JSP.
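
An added example, not part of the original post or its comments: cancel.jsp passes the values it has already read back into request.getParameter, so the lookups are by value rather than by name, and the SQL injection comment applies to the string concatenation. The sketch below reproduces that string with a Map standing in for the request, next to a PreparedStatement version. The class and method names are hypothetical, the sample values are constructed, and it assumes the columns accept string parameters, as the quoted literals in the original imply.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;

public class CancelReservation { // hypothetical class, not from the post

    // The delete string as cancel.jsp builds it. `params` stands in for the
    // request: like request.getParameter, Map.get returns null for an unknown name.
    static String concatenatedDelete(Map<String, String> params) {
        String activityId = params.get("ActivityID");
        String username = params.get("Username");
        String ticket = params.get("Ticket");
        // The second lookup uses the values as parameter names; with the
        // sample below no such names exist, so each lookup returns null.
        return "delete from reservation where id='" + params.get(activityId)
                + "'AND username='" + params.get(username)
                + "'AND buy='" + params.get(ticket) + "'";
    }

    // The same delete with bound parameters: values are sent as data, never as
    // SQL text. The username is meant to come from the session, as it does in
    // myreservations.jsp, e.g. (String) session.getAttribute("username").
    static int cancel(Connection con, String activityId, String sessionUser,
                      String ticket) throws SQLException {
        String sql = "delete from reservation where id = ? and username = ? and buy = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, activityId);
            ps.setString(2, sessionUser);
            ps.setString(3, ticket);
            return ps.executeUpdate(); // number of rows deleted; 0 means no match
        }
    }

    public static void main(String[] args) {
        // Constructed sample request; the apostrophe is part of an ordinary surname.
        Map<String, String> params = Map.of(
                "ActivityID", "17", "Username", "o'brien", "Ticket", "2");
        // What the original concatenation sends to the database.
        System.out.println(concatenatedDelete(params));
        // Even with a single, correct lookup, concatenation splices the
        // apostrophe into the statement and changes its structure.
        System.out.println("delete from reservation where username='"
                + params.get("Username") + "'");
    }
}
```

Checking the value returned by `cancel` before redirecting to cancelled.jsp lets the page distinguish a real cancellation from a request that matched no row.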