I want to retrieve information from my database.I got the input dynamically from user using html and through jsp i get the information from the database(Mysql).The following is the jsp code
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/indi", "root", "");
Statement statement = connection.createStatement();
String id1 = request.getParameter("id");
ResultSet resultset = statement.executeQuery("select * from books where author = '" + id1 + "'") ;
if(!resultset.next()) {
out.println("Sorry, could not find that publisher. ");
} else {
%>
<TABLE BORDER="1">
<TR>
<TH>name</TH>
<TH>author</TH>
<TH>money</TH>
<TH>pany</TH>
</TR>
<TR>
<TD> <%= resultset.getString(1) %> </TD>
<TD> <%= resultset.getString(2) %> </TD>
<TD> <%= resultset.getString(3) %> </TD>
<TD> <%= resultset.getString(4) %> </TD>
</TR>
</TABLE>
<BR>
<%
}
}
%>
I used author as a keyword to retrieve the data.Now i have 2 authors with the same name in my database but the above code fetches only one authors info i.e the first one and it leaves the other.Where should i modify in this code so that it will retrieve both the data
I want to retrieve information from my database.I got the input dynamically from user using html and through jsp i get the information from the database(Mysql).The following is the jsp code
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/indi", "root", "");
Statement statement = connection.createStatement();
String id1 = request.getParameter("id");
ResultSet resultset = statement.executeQuery("select * from books where author = '" + id1 + "'") ;
if(!resultset.next()) {
out.println("Sorry, could not find that publisher. ");
} else {
%>
<TABLE BORDER="1">
<TR>
<TH>name</TH>
<TH>author</TH>
<TH>money</TH>
<TH>pany</TH>
</TR>
<TR>
<TD> <%= resultset.getString(1) %> </TD>
<TD> <%= resultset.getString(2) %> </TD>
<TD> <%= resultset.getString(3) %> </TD>
<TD> <%= resultset.getString(4) %> </TD>
</TR>
</TABLE>
<BR>
<%
}
}
%>
I used author as a keyword to retrieve the data.Now i have 2 authors with the same name in my database but the above code fetches only one authors info i.e the first one and it leaves the other.Where should i modify in this code so that it will retrieve both the data
Share Improve this question edited Nov 23, 2012 at 11:58 Ezhil asked Nov 23, 2012 at 11:50 EzhilEzhil 2612 gold badges10 silver badges31 bronze badges 2- 1 Your code is prone to SQL-Injection !! don't do that!! owasp/index.php/SQL_Injection even for testing or home grown software it creates bad habbit! Use prepared statements!. It will if you pass different value to: "id" param. – damiankolasa Commented Nov 23, 2012 at 11:53
- get list instead of single author detail and than iterate it – rajesh kakawat Commented Nov 23, 2012 at 11:54
2 Answers
Reset to default 1try to make a loop on resultset.
while(rs.next( )){
%>
<TABLE BORDER="1">
<TR>
<TH>name</TH>
<TH>author</TH>
<TH>money</TH>
<TH>pany</TH>
</TR>
<TR>
<TD> <%= resultset.getString(i) %> </TD>
<TD> <%= resultset.getString(i+1) %> </TD>
<TD> <%= resultset.getString(i+2) %> </TD>
<TD> <%= resultset.getString(i+3) %> </TD>
</TR>
</TABLE>
<BR>
<% } %>
<tr>
<TD> <%= resultset.getString(name) %> </TD>
<TD> <%= resultset.getString(author) %> </TD>
<TD> <%= resultset.getString(money) %> </TD>
<TD> <%= resultset.getString(pany) %> </TD>
</tr>
try out with this one it will work i am using the same in my code