Update primary key in jsp

Views: 102

Problem description

I have created a table which has a primary key on the id column, and I want to update it
with a query; it is showing me

Parameter index out of range (1 > number of parameters, which is 0).
<%
    int status = 0;
    String id = request.getParameter("id");
    int id2 = Integer.parseInt(id);

    String productquantity2 = request.getParameter("productquantity");
    String productsize = request.getParameter("productsize");
    String imageurl = request.getParameter("imageurl");
    String productname = request.getParameter("productname");
    String productcode = request.getParameter("productcode");

    //out.println("id"+id);
    //out.println("productquantity"+productquantity2);
    //out.println("productsize"+productsize);
    //out.println(query);
    String query = "update cart" + name + " set productname="+productname+" ,productquantity=" + productquantity2 + " ,productsize = "+ productsize + " ,productcode = "+productcode+",imageurl="+imageurl+" where id=" + id2;

    try {
        Connection con = UserConnection.Connector();
        PreparedStatement ps = con.prepareStatement(query);
        ps.setString(1, productname);
        ps.setString(2, productquantity2);
        ps.setString(3, productsize);
        ps.setString(4, productcode);
        ps.setString(5, imageurl);
        ps.setInt(6, id2);
        ps.executeUpdate();

        out.println("updated");
        /* if (status > 0) {
            response.sendRedirect("../Jsp/Product.jsp");
            out.println("updated");
            System.out.println(status);
        }else{
            out.println(" not updated");
        } */

    } catch (Exception ex) {
        System.out.println(ex);
    }
%>
What I have tried:

I have tried this and I don't know what to do.

Recommended answer

Quote:

String query = "update cart" + name + " set productname="+productname+" ,productquantity=" + productquantity2 + " ,productsize = "+ productsize + " ,productcode = "+productcode+",imageurl="+imageurl+" where id=" + id2;
That's not how parameters work. Your code is injecting the values directly into the query, which leaves you vulnerable to SQL Injection.

When you pass that query to the PreparedStatement, it sees that there are no parameter placeholders in the query. When you then try to set the value of the first parameter, you get an exception because there are no parameters.

Update your query to use proper parameter placeholders:

String query = "update cart set productname = ?, productquantity = ?, productsize = ?, productcode = ?, imageurl = ? where id = ?";
This will fix your error, and the SQL Injection vulnerability in your code.


Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
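As an added example (not the original poster's scriptlet and not the answerer's code), here is the same update written as a plain Java helper that binds every value through a ? placeholder and returns the row count from executeUpdate(). The original built the table name as "cart" + name; a table identifier cannot be bound as a parameter, so the helper instead checks the requested name against a fixed allowlist before it is spliced into the SQL text. The class name, the allowlist entries and the "cart_" prefix are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

/** Added example: parameterised version of the cart update from the question. */
public class CartUpdater {

    // Table names cannot be bound with '?'. If the table really has to vary
    // per user, validate the candidate against a fixed allowlist so that user
    // input never becomes part of the SQL text. Entries are assumed for this example.
    private static final Set<String> ALLOWED_CART_TABLES = Set.of("cart_guest", "cart_member");

    static String resolveCartTable(String name) {
        String table = "cart_" + name;
        if (!ALLOWED_CART_TABLES.contains(table)) {
            throw new IllegalArgumentException("unknown cart table");
        }
        return table;
    }

    /** Returns the number of rows updated; 0 means no row had that id. */
    static int updateCartItem(Connection con, String name, int id, String productName,
                              String productQuantity, String productSize,
                              String productCode, String imageUrl) throws SQLException {
        // Six '?' placeholders, six setXxx calls: the driver counts placeholders
        // in the SQL text, which is why the concatenated query raised
        // "Parameter index out of range (1 > number of parameters, which is 0)".
        String sql = "update " + resolveCartTable(name)
                + " set productname = ?, productquantity = ?, productsize = ?,"
                + " productcode = ?, imageurl = ? where id = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, productName);
            ps.setString(2, productQuantity);
            ps.setString(3, productSize);
            ps.setString(4, productCode);
            ps.setString(5, imageUrl);
            ps.setInt(6, id);               // bound as an int, never spliced in as text
            return ps.executeUpdate();      // report this instead of printing "updated" unconditionally
        }
    }

    /** Parses the id request parameter, rejecting anything that is not an integer. */
    static int parseId(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("missing id");
        }
        try {
            return Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("id must be an integer", e);
        }
    }
}
```

From the scriptlet this would be called as updateCartItem(UserConnection.Connector(), name, parseId(request.getParameter("id")), productname, productquantity2, productsize, productcode, imageurl), branching on the returned count to print "updated" or "not updated". Set.of needs Java 9 or later; on older runtimes use a HashSet built in a static initialiser.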

