양식 제출 예외 JSP

Question

왜 오류가 있습니까? 어떻게해야합니까? intellij에 Java EE (jsdk) 및 classes12를 추가하고 tomcat의 lib 디렉토리에 classes12를 추가했습니다. 이것은 DataAccessLayer입니다.

public class DataBase { 
    private Connection connection; 
    private PreparedStatement statement; 

    public DataBase() throws ClassNotFoundException, SQLException { 
     Class.forName("oracle.jdbc.driver.OracleDriver"); 
     connection = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe", "SYSTEM", "1234"); 
    } 

    public void insertOrUpdateOrDelete(String sqlQuery) throws SQLException { 
     statement = connection.prepareStatement(sqlQuery); 
     statement.executeUpdate(); 
    } 

    public ResultSet select(String sqlQuery) throws SQLException { 
     statement = connection.prepareStatement(sqlQuery); 
     ResultSet resultSet = statement.executeQuery(); 
     return resultSet; 
    } 

    public void disconnect() throws SQLException { 
     statement.close(); 
     connection.close(); 
    } 
} 

---

데이터베이스 클래스에서 사용하는이 클래스입니다.

public class Users { 
DataBase dataBase; 
    public Users() throws ClassNotFoundException, SQLException { 
     dataBase = new DataBase(); 
    } 

    public void addUser(HttpServletRequest request) throws SQLException { 

     String sqlQuery = "insert into users (name,family,email,tel,password) values('" + request.getParameter("name") + "','" + request.getParameter("family") + "','" + request.getParameter("email") + "','" + request.getParameter("tel") + "','" + request.getParameter("password") + "')"; 
     dataBase.insertOrUpdateOrDelete(sqlQuery); 
     dataBase.disconnect(); 
    } 

---

는 그리고 이것은 내 REGIST JSP 페이지입니다. 어떤 사용자가 제출 버튼을 클릭했는지 확인하고 데이터베이스에 저장하십시오.

<% 
     if (request.getParameter("name") != null) { 
      try { 
       Users user = new Users(); 
       user.addUser(request); 

      } catch (Exception error) { 
       error.printStackTrace(); 

      } 

     } 

%> 
     <form id="RegisterForm" action="Regist.jsp" method="post"> 
      <div> 
       <div class="wrapper"> 
        <div class="bg"><input type="text" class="input" name="name"/></div> 
        Name:<br/> 
       </div> 
       <div class="wrapper"> 
        <div class="bg"><input type="text" class="input" name="family"/></div> 
        Family:<br/> 
       </div> 
       <div class="wrapper"> 
        <div class="bg"><input type="text" class="input" name="email"/></div> 
        E-mail:<br/> 
       </div> 
       <div class="wrapper"> 
        <div class="bg"><input type="password" class="input" name="password"/></div> 
        Password:<br/> 
       </div> 
       <div class="wrapper"> 
        <div class="bg"><input type="text" class="input" name="tel"/></div> 
        Tel:<br/> 
       </div> 


       <input Class="button1" type="submit" value="SUBMIT"/> 
       <input Class="button1" type="reset" value="RESET"/> 

      </div> 
     </form> 

---

하지만 난 예외가

Exceptions : 
java.sql.SQLException: ORA-01400: cannot insert NULL into ("SYSTEM"."USERS"."ID") 

    at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:124) 
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:304) 
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:271) 
    at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:625) 
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:181) 
    at oracle.jdbc.driver.T4CPreparedStatement.execute_for_rows(T4CPreparedStatement.java:791) 
    at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1032) 
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2884) 
    at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:2956) 
    at airAgency.DataBase.insertOrUpdateOrDelete(DataBase.java:24) 
    at airAgency.Users.addUser(Users.java:24) 
    at org.apache.jsp.Regist_jsp._jspService(Regist_jsp.java:125) 
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) 
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388) 
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) 
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) 
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) 
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602) 
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) 
    at java.lang.Thread.run(Thread.java:619) 

Answer 1

오류 메시지가 문제가 무엇인지 설명하고 있습니다

cannot insert NULL into ("SYSTEM"."USERS"."ID") 

당신은 사용자 테이블에 nullable이 아닌 열라는 이름의 ID가 ,하지만이 열에 아무 것도 삽입하지 않으면 데이터베이스가 불평합니다.

또한 코드는 준비된 문을 잘못된 방식으로 사용하여 SQL 주입 공격을받을 수있는 완벽한 예입니다. 쿼리가 결합되어야 매개 변수가 있어야합니다 내 이름은 오라일리경우, 예를 들어

insert into users (name,family,email,tel,password) values(?, ?, ?, ?, ?) 

를 쿼리 구문 오류와 함께 실패합니다. 그리고 그것은 잠재적 인 문제 중 가장 적은 것입니다.

JDBC tutorial에 준비된 내용을 읽으십시오.