Java 处理JSP页面发生异常,行指向startsWith()方法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9753464/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
An exception occurred processing JSP page, line points to startsWith() method
提问by Sudhagar Sachin
I have the following code in my JSP:
我的 JSP 中有以下代码:
String name=request.getParameter("name");
if(name.startsWith("315")){
query="select pass from students where regno='"+name+"'";
url1="marks.jsp";
}
else{
query="select pass from staff where name='"+name+"'";
url1="staff.jsp";
}
When I run this JSP, I get a HTTP 500 error page:
当我运行这个 JSP 时,我得到一个 HTTP 500 错误页面:
org.apache.jasper.JasperException: An exception occurred processing JSP page /index.jsp at line 35
32: String url1="";
33: if(name!="")
34: {
35: if(name.startsWith("315")){
36: query="select pass from students where regno='"+name+"'";
37: url1="marks.jsp";
38: }
Stacktrace:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:568)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:470)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
How is this caused and how can I solve it?
这是怎么引起的,我该如何解决?
回答by BalusC
It says that "An exception" has occurred. You should look further down in the stacktrace or in the server logs for that exception. One of the exceptions which could occur on the particular line of code is a NullPointerException. This will happen when nameis actually null(i.e. the parameter is notbeen sent along with the request). Your code is not checking for that beforehand at all. The following check in your code
它说发生了“异常”。您应该在堆栈跟踪或服务器日志中进一步查看该异常。特定代码行上可能发生的异常之一是NullPointerException. 这将在name实际发生时发生null(即参数未与请求一起发送)。您的代码根本没有事先检查。以下检查您的代码
if (name!="") {
// ...
}
makes really no sense. It would always return true, expect when namerefers actually exactly the same empty string instance ""in the memory. If you want to check if it is not nulland not empty, then you should instead be checking as follows:
真的没有任何意义。它总是会返回true,期望在内存中name实际引用完全相同的空字符串实例""时。如果你想检查它是否不是null空的,那么你应该检查如下:
if (name != null && !name.isEmpty()) {
// ...
}
That said, you've a SQL injectionhole there in your code. You're not escaping the user-submitted value, but inlining it in the SQL query string. Anyone could easily submit (partial) SQL query strings as request parameter and be able to execute a completely different SQL query (like a DROP, TRUNCATE, etc). I recommend to take some time apart to learn how to use PreparedStatement.
也就是说,您的代码中有一个SQL 注入漏洞。您不是在转义用户提交的值,而是将其内联到 SQL 查询字符串中。任何人都可以很容易地提交(部分)SQL查询字符串作为请求参数,并能够执行一个完全不同的SQL查询(如DROP,TRUNCATE等)。我建议花一些时间来学习如何使用PreparedStatement.
Last but not least, a JSP file is the wrong place to put Java code in. I'd also recommend to take some time apart to learn how to use servlets.
最后但并非最不重要的是,JSP 文件是放置 Java 代码的错误位置。我还建议花一些时间来学习如何使用 servlet。
