当前位置: 首页 > 图文教程 > 网络编程 > JSP > 如何使用JSP+MySQL创建留言本(三)

JSP
我认为JSP有问题(上)
我认为JSP有问题(下)
jsp“抓”网页代码的程序
关于在bean里面打印html的利弊看法
bean里面如何打印到html页面
jdbc3中的RowSet 接口规范
Apusic Application Server1.0中jsp源代码泄漏漏洞
Unify的eWave ServletExec拒绝服务漏洞
通过提交超长的GET请求导致IBM HTTP Server远程溢出
在HTTP请求中添加特殊字符导致暴露JSP源代码文件
Resin 1.2 重要源代码暴露漏洞
多中WEB服务器的通用JSp源代码暴露漏洞
Tomcat 暴露JSP文件内容
IBM WebSphere Application Server 暴露JSP文件内容
JRun 2.3.x 范例文件暴露站点安全信息
BEA WebLogic 暴露源代码漏洞
IBM WebSphere Application Server 3.0.2 存在暴露源代码漏洞
Tomcat 3.1 存在暴露网站路径问题
Sun Java Web Server 能让攻击者远程执行任意命令
Netscape 修复 JAVA 安全漏洞

如何使用JSP+MySQL创建留言本(三)


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-13   浏览: 64 ::
收藏到网摘: n/a

下面我们开始建立留言的页面!
<%@page
import ="java.util.*"
import ="java.text.*"
import="java.sql.*"
import ="java.io.*"
import ="java.lang.*"
contentType="text/html; charset=gb2312"
%>
<%
class CommentError// throws java.lang.NullPointerException
{ public String Username="",Sex="",Address="",Postal="",Oicq="",Icq="",Tel="",Comment="";
public boolean NoError=true;//false;
public int ErrorCount=0;
private boolean IsNumber(String s1) {}
public String font (String se) {}
public String Comment_Er(String se) {}
public void Username (String se) {}
public void Sex (String se) {}
public void Address (String se) {}
public void Comment (String se) {}
public void Tel (String se) {}
public void Postal (String se) {}
public void Oicq (String se) {}
public void Icq (String se) {}
}
class FormatComment
{ public String Replace(String source, String oldString, String newString) {}
public String formatint(String se) {}
public String fromatcomment(String se) {}
public String toHtmlInput(String str) {}
public String toHtml(String str) {}
public String toSql(String str) {}//转换为可以加入Myqal的格式
}
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>使用MYsql数据库</title>
</head>
<body>
<p align="center"><center><font style="COLOR: blue; FONT-FAMILY: 方正舒体,华文行楷,隶书,宋体; FONT-SIZE: 16pt">萍慧jsp留言薄</font></center></p>
<p align="center">
<%! String username,sex,address,post,oicq,icq,telnumber,comment,email,url.urltitle;
%>
<%
try{ username=request.getParameter("name");
}catch (NullPointerException e){ username="";}
try{ comment=request.getParameter("comment");
}catch (NullPointerException e){ comment="";}
try{ sex=request.getParameter("sex");
}catch (NullPointerException e){ sex="";}
try{ address=request.getParameter("address");
}catch (NullPointerException e){ address="";}
try{ post=request.getParameter("postal");
}catch (NullPointerException e){ post="";}
try{ oicq=request.getParameter("oicq");
}catch (NullPointerException e){ oicq="";}
try{ icq=request.getParameter("icq");
}catch (NullPointerException e){ icq="";}
try{ telnumber=request.getParameter("telphone");
}catch (NullPointerException e) { telnumber= ""; }
try{ email=request.getParameter("email");
}catch (NullPointerException e) { email= ""; }
try{ url=request.getParameter("url");
}catch (NullPointerException e) { url= ""; }
try{ urltitle=request.getParameter("urltitle");
}catch (NullPointerException e) { urltitle= ""; }
String ip=request.getRemoteAddr();//得到IP地址
String time=(new SimpleDateFormat ("yyyy-MM-dd hh:mm:ss", Locale.US )).format(new java.util.Date());
String userid="";
String MyQuery="";
此处我调用了一个对留言进行合法检验的类
CommentError testcomment= new CommentError();
testcomment.Username(username);
testcomment.Postal (post);
testcomment.Sex(sex);
testcomment.Address(address);
testcomment.Tel(telnumber);
testcomment.Comment(comment);
testcomment.Oicq(oicq);
testcomment.Icq(icq);
if (testcomment.NoError) //留言中没有错误,写数据库
try {//写数据库成功
java.sql.Connection sqlConn; //数据库连接对象
java.sql.Statement sqlStmt; //语句对象
java.sql.ResultSet sqlRst; //结果集对象
//登记JDBC驱动对象
Class.forName ("org.gjt.mm.mysql.Driver").newInstance ();
//连接数据库
sqlConn= java.sql.DriverManager.getConnection ("jdbc:mysql://localhost/pinghui","test","");
//创建语句对象
sqlStmt=sqlConn.createStatement (java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE,java.sql.ResultSet.CONCUR_READ_ONLY);
//执行Sql语句
此处调用了一个对留言进行处理的类,是留言能被Mysql承认,
FormatComment FC= new FormatComment();
oicq=FC.formatint(oicq);
icq=FC.formatint(icq);
post=FC.formatint(post);
telnumber=FC.formatint(telnumber);
username=FC.toSql(username);
comment=FC.toSql(comment);
MyQuery="insert into comment (username,sex,address,ip,post,oicq,icq,telnumber,comment,time,url,email) values ('"+username+"','"+sex+"','"+address+"','"+ip+"',"+post+","+oicq+","+icq+",'"+telnumber+"','"+comment+"',now(),'"+url+"','"+email+"');";
sqlRst=sqlStmt.executeQuery (MyQuery); //向数据库中加入数据
sqlRst.close();//关闭结果集对象
sqlStmt.close ();//关闭语句对象
sqlConn.close(); //关闭数据库连接
out.print (time);
%>
<font size="5" face="华文行楷">留言成功,谢谢!</font>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td width="25%">昵称:<%=username%></td>
<td width="25%">性别:<%=sex%></td>
<td colspan="2" width="50%">地址:<%=address %></td>
</tr>
<tr>
<td width="25%">电话:<%=telnumber%></td>
<td width="25%">邮编:<%=post%></td>
<td width="25%">OICQ:<%=oicq%></td>
<td width="25%">ICQ:<%=icq%></td>
</tr>
<tr>
<td colspan="2" width="50%">Email:<a href="mailto:" title="写信给留言者"></a></td>
<td colspan="2" width="50%">网址:<a href target="_blank"></a></td>
</tr>
<tr>
<td colspan="4"><font style="COLOR: green; LINE-HEIGHT: 150%">留言:</font><%=comment%><font style="COLOR: green; LINE-HEIGHT: 150%"><br>
-</font><%=time %><font style="COLOR: green; LINE-HEIGHT: 150%">(来自</font><%=ip %><font style="COLOR: green; LINE-HEIGHT: 150%">)</font></td>
</tr>
</tbody>
</table>
<hr color="#0080c0" noshade size="1" width="100%">
<%
} catch (SQLException e) //写数据库失败
{ out.print ("<font color=red>留言失败</font>");
out.print (MyQuery);
out.print (userid);
}
else
{
out.print ("<font color=red>总共有"+testcomment.ErrorCount+"条错误数据,请修改!</font>");
%>
<script language="JavaScript">
<!--
function test_comments(theForm)
{
if (theForm.name.value == "")
{ alert("姓名不能为空!:-)");
theForm.name.focus();
return (false);
}
if (theForm.name.value.length > 12)
{ alert("姓名太长,不能多于12个字符(既六个汉字)!");
theForm.name.focus();
return (false);
}
if (theForm.address.value.length > 40)
{ alert("地址太长,不能多于40个字符(20个汉字)!");
theForm.name.focus();
return (false);
}
if (theForm.comment.value == "")
{ alert("抱歉,留言不能为空!你必须输入留言");
theForm.comment.focus();
return (false);
}
if (theForm.comment.value.length > 1000)
{ alert("抱歉,你的留言太长,最多为1000个字符!");
theForm.comment.focus();
return (false);
}
return (true);
} -->
<table>
<tr>
<td>
<table cellspacing="0" cellpadding="0">
<tr>
<td><!--表单开始-->
<form action="addmysql.jsp" method="POST" name="all_comments" onsubmit="javascript:return (test_comments(this))">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td width="60%">昵 称:<input name="name" size="20" value="<%if (username != null) out.print (username);%>"><%=testcomment.Comment_Er("username")%></td>
<td nowrap width="40%">性 别:<select name="sex" size="1">
<option selected value="男" <%if(sex=="男") out.print ("select"); %>>男</option>
<option value="女" <%if(sex=="女") out.print ("select"); %>>女</option>
<option value="保密" <%if(sex=="保密") out.print ("select"); %>>保密</option>
</select><%=testcomment.Comment_Er("sex")%></td>
</tr>
<tr>
<td colspan="2">地 址:<input name="address" size="40" value="<%if (address!=null) out.print(address);%>"><%=testcomment.Comment_Er("address")%></td>
</tr>
<tr>
<td>电 话:<input name="telphone" size="15" value="<%if(telnumber!=null)out.print(telnumber);%>"><%=testcomment.Comment_Er("tel")%></td>
<td>邮 编:<input name="postal" size="6" value="<%if(post!=null) out.print(post);%>"><%=testcomment.Comment_Er("postal")%></td>
</tr>
<tr>
<td> OICQ:<input name="oicq" size="10" value="<%if(oicq!=null) out.print (oicq);%>"><%=testcomment.Comment_Er("oicq")%></td>
<td> ICQ :<input name="icq" size="15" value="<%if(icq!=null)out.print(icq);%>"><%=testcomment.Comment_Er("icq")%></td>
</tr>
<tr>
<td colspan="2">Email:<input name="email" size="25" value="<%if(email!=null) out.print(email);%>"><%//=testcomment.Comment_Er("")%></td>
</tr>
<tr>
<td colspan="2">网 址:<input name="url" size="40" value="<%if(url!=null)out.print(url);%>"><%//=testcomment.Comment_Er("")%></td>
</tr>
<tr>
<td colspan="2"><textarea cols="80" name="comment" rows="10" wrap="physical"><%if (comment!=null)out.print (comment);%></textarea>
<tr>
<td align="right"><input name="put_submit" type="submit" value="确定" ?></td>
<td align="left"><input name="r" type="reset" value="重置"></td>
</tr>
</table>
</form>
<!--提交表单结束-->
</td>
<td><%=testcomment.Comment_Er("comment")%>请注意:你所输入的内容中,昵称和留言为必须输入的项目!<br>
不支持html标志</td>
</tr>
</table>
</td>
</tr>
</table>
<%
}
%>
</body>