带参数的 Java Web 服务 MYSQL [英] Java Web Service MYSQL with parameter
问题描述
我是 Web 服务的新手,我已经实现了一个 Web 服务并且在我的 MYSQL 中一切正常,但是现在为了在我的 android 应用程序中使用该 Web 服务,我需要在 http 请求中添加一个参数,这是我的代码:
i'm new to web services, I had implement a web services and all work fine with my MYSQL, but now for use that web services with my android app I need to add a parameter in the http request, this is my code:
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
public class getDonationList {
public ArrayList<myDonations> getList(Connection con) throws SQLException
{
ArrayList<myDonations> donationList = new ArrayList<myDonations>();
PreparedStatement stmt = con.prepareStatement("SELECT * FROM donations WHERE email = "+ variable);
ResultSet rs = stmt.executeQuery();
//System.out.println(rs);
try
{
while(rs.next())
{
myDonations myDonationsObj = new myDonations();
myDonationsObj.setEmail(rs.getString("email"));
myDonationsObj.setOnlus(rs.getString("text1"));
myDonationsObj.setData(rs.getString("text2"));
myDonationsObj.setImporto(rs.getInt("coin"));
donationList.add(myDonationsObj);
}
} catch (Exception e)
{
e.printStackTrace();
}
return donationList;
}
}
<小时>
import java.util.ArrayList;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import com.google.gson.Gson;
@Path("/donationService")
public class DonationService
{
@GET
@Path("/donation")
@Produces("application/json")
public String donations(@QueryParam("email") String email)
{
String donations = null;
ArrayList<myDonations> donationList = new ArrayList<myDonations>();
try
{
donationList = new DonationManager().getList();
Gson gson = new Gson();
donations = gson.toJson(donationList);
} catch (Exception e)
{
e.printStackTrace();
}
return donations;
}
}
<小时>
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import connessionedb.Database;
public class DonationManager
{
public ArrayList<myDonations> getList() throws Exception
{
ArrayList<myDonations> courseList = new ArrayList<myDonations>();
Database db = new Database();
Connection con = db.getConnection();
getDonationList list = new getDonationList();
courseList = list.getList(con);
return courseList;
}
}
<小时>
我需要服务接受这样的参数变量":http://localhost:8440/MyProject/donationService/donation?email=variable因为然后在我的 andorid 应用程序中,我从 TextView 中获取了变量.
I need the service accept the parameter "variable" like this: http://localhost:8440/MyProject/donationService/donation?email=variable becouse then in my andorid app I take the variable from TextView.
有人可以帮我解决这个问题吗?谢谢
Someone can help me to fix this? Thanks
推荐答案
您需要使用通过服务收到的电子邮件作为对数据库的查询的一部分.
You need to use the email received over the service as part of your query to the database.
你可以改变:
public ArrayList<myDonations> getList() throws Exception
成为:
public ArrayList<myDonations> getList(String email) throws Exception
变化:
donationList = new DonationManager().getList();
成为:
donationList = new DonationManager().getList(email);
变化:
public ArrayList<myDonations> getList(Connection con) throws SQLException
成为:
public ArrayList<myDonations> getList(Connection con, String email) throws SQLException
如果你应用这个模式,那么你可以从你的服务中获取字符串值到你的 SQL.
If you apply this pattern then you can get the string value from your service down to your SQL.
此外,您应该调查在准备好的语句中使用参数标记以避免 sql 注入.
Also, you should investigate using parameter markers in your prepared statement to avoid sql injection.
这篇关于带参数的 Java Web 服务 MYSQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!