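How do you use parameterized SQL queries in JSP?
The <sql:param> tag is used as a nested action inside the <sql:query> and <sql:update> tags to supply a value for a value placeholder. If a null value is supplied, the placeholder is set to SQL NULL.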
Attributes
The <sql:param> tag has the following attributes:
Example
First, let us create an Employees table in the TEST database and add a few records to it, as follows:
Step 1
Open a command prompt and change to the installation directory, as follows:
C:\>
C:\>cd Program Files\MySQL\bin
C:\Program Files\MySQL\bin>
Step 2
Log in to the database, as follows:
C:\Program Files\MySQL\bin>mysql -u root -p
Enter password: ********
mysql>
Step 3
Create the Employees table in the TEST database, as follows:
mysql> use TEST;
mysql> create table Employees
    (
     id int not null,
     age int not null,
     first varchar (255),
     last varchar (255)
    );
mysql>
Create data records
Now we will create a few records in the Employees table, as follows:
mysql> INSERT INTO Employees VALUES (100, 18, 'Zara', 'Ali');
mysql> INSERT INTO Employees VALUES (101, 25, 'Mahnaz', 'Fatma');
mysql> INSERT INTO Employees VALUES (102, 30, 'Zaid', 'Khan');
mysql> INSERT INTO Employees VALUES (103, 28, 'Sumit', 'Mittal');
mysql>
Now let us write a JSP that uses the <sql:update> tag to execute a SQL DELETE statement that deletes the record with id = 103 from the table, as follows:
<%@ page import = "java.io.*,java.util.*,java.sql.*"%>
<%@ page import = "javax.servlet.http.*,javax.servlet.*" %>
<%@ taglib uri = "http://java.sun.com/jsp/jstl/core" prefix = "c"%>
<%@ taglib uri = "http://java.sun.com/jsp/jstl/sql" prefix = "sql"%>

<html>
   <head>
      <title>JSTL sql:param Tag</title>
   </head>

   <body>
      <%-- Demo connection settings written inline; the dataSource attribute
           also accepts a container-managed JNDI DataSource name. --%>
      <sql:setDataSource var = "snapshot" driver = "com.mysql.jdbc.Driver"
         url = "jdbc:mysql://localhost/TEST"
         user = "root" password = "pass123"/>

      <c:set var = "empId" value = "103"/>

      <%-- The ? placeholder is bound to the nested sql:param value;
           the value never becomes part of the SQL text. --%>
      <sql:update dataSource = "${snapshot}" var = "count">
         DELETE FROM Employees WHERE Id = ?
         <sql:param value = "${empId}" />
      </sql:update>

      <sql:query dataSource = "${snapshot}" var = "result">
         SELECT * from Employees;
      </sql:query>

      <table border = "1" width = "100%">
         <tr>
            <th>Emp ID</th>
            <th>First Name</th>
            <th>Last Name</th>
            <th>Age</th>
         </tr>

         <%-- c:out HTML-escapes each column value before it is written to the page. --%>
         <c:forEach var = "row" items = "${result.rows}">
            <tr>
               <td> <c:out value = "${row.id}"/></td>
               <td> <c:out value = "${row.first}"/></td>
               <td> <c:out value = "${row.last}"/></td>
               <td> <c:out value = "${row.age}"/></td>
            </tr>
         </c:forEach>
      </table>

   </body>
</html>
Accessing the above JSP displays the following result:
+-------------+----------------+-----------------+-----------------+
|    Emp ID   |   First Name   |    Last Name    |       Age       |
+-------------+----------------+-----------------+-----------------+
|     100     |      Zara      |       Ali       |        18       |
|     101     |     Mahnaz     |      Fatma      |        25       |
|     102     |      Zaid      |       Khan      |        30       |
+-------------+----------------+-----------------+-----------------+
You can try using the <sql:param> tag with SQL UPDATE and SELECT statements in the same way we used it with the DELETE statement.
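The UPDATE and SELECT cases suggested above, as an added example that is not part of the original page: it binds request input through <sql:param> and keeps the string-interpolated form, disabled, beside it for contrast. The request parameter names id and last are assumptions; the table and data source are the ones created earlier on this page.

```jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<html><head><title>sql:param with UPDATE and SELECT</title></head><body>
<%-- Same demo data source as the DELETE example on this page. --%>
<sql:setDataSource var="snapshot" driver="com.mysql.jdbc.Driver"
    url="jdbc:mysql://localhost/TEST" user="root" password="pass123"/>

<%-- UNSAFE form, kept inside this comment so it never runs: EL output in the
     tag body becomes part of the SQL text, so request data is parsed as SQL.
<sql:query dataSource="${snapshot}" var="result">
    SELECT * FROM Employees WHERE last = '${param.last}'
</sql:query>
--%>

<%-- Convert the assumed "id" request parameter to an integer before binding.
     Text that does not start with a number raises an exception, caught here;
     a missing or empty id leaves empId unset. --%>
<c:catch var="badId">
    <fmt:parseNumber var="empId" value="${param.id}" integerOnly="true"/>
</c:catch>

<%-- Run the UPDATE only with a usable id and name. Placeholders are filled
     in the order the sql:param tags appear. --%>
<c:if test="${empty badId and not empty empId and not empty param.last}">
    <sql:update dataSource="${snapshot}" var="count">
        UPDATE Employees SET last = ? WHERE id = ?
        <sql:param value="${param.last}"/>
        <sql:param value="${empId}"/>
    </sql:update>
    <p>Rows updated: <c:out value="${count}"/></p>
</c:if>

<%-- Parameterized SELECT: the request value is sent as data, never as SQL.
     A missing "last" binds SQL NULL, and "last = NULL" matches no rows. --%>
<sql:query dataSource="${snapshot}" var="result">
    SELECT id, first, last, age FROM Employees WHERE last = ?
    <sql:param value="${param.last}"/>
</sql:query>

<table border="1">
    <tr><th>Emp ID</th><th>First Name</th><th>Last Name</th><th>Age</th></tr>
    <c:forEach var="row" items="${result.rows}">
        <tr><td><c:out value="${row.id}"/></td><td><c:out value="${row.first}"/></td>
            <td><c:out value="${row.last}"/></td><td><c:out value="${row.age}"/></td></tr>
    </c:forEach>
</table>
</body></html>
```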