“null”附近有语法错误。

错误如下:
com.microsoft.sqlserver.jdbc.SQLServerException: “null”附近有语法错误。
代码如下:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ page import="java.sql.*"%>
<%@ page import="java.io.*"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">



登录验证



This is my JSP page.这是一个登陆检查页面

<%
String driverName = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
String dbURL = "jdbc:sqlserver://localhost:1433;DatabaseName=bank";
String userName = "team";
String userPwd = "123456";
try {
Class.forName(driverName);
Connection dbConn = DriverManager.getConnection(dbURL, userName,
userPwd);
String s = request.getParameter("IDNum");
session.setAttribute("IDNum",s);
String IDNum = request.getParameter("IDNum");
String UserPassword = request.getParameter("UserPassword");
String a = request.getParameter("UserName");
session.setAttribute("UserName",a);
String UserName = request.getParameter("UserName");
//byte b[] = UserName.getBytes("UTF-8");
//UserName = new String(b); //防止出现乱码
Statement stmt = dbConn.createStatement();
String sql = "select * from hello where IDNum'" + s
+ "' and UserPassword='" + UserPassword
+ "'and UserName='" + a + "'";
//RS.execute();
ResultSet rs = stmt.executeQuery(sql);
if (rs.next()) {
out.println("欢迎您回来");
//reSsponse.sendRedirect("Business.jsp");
} else {
out.println("对不起您的用户ID或者密码错误");
%> 返回首页<%
}
}
catch (Exception e) {
e.printStackTrace();
}
%>



初哥新手盼大神回复解答,尽快。谢谢!

把你的sql语句String sql 打印出来看看,这个有语法错误。你可以放到数据库中执行试试

String sql = "select * from hello where IDNum'" + s

  • "' and UserPassword='" + UserPassword
  • "'and UserName='" + a + "'";

你的这个IDNum后边怎么没有等号。。。。
最好的方法是把sql打印出来,然后在数据库执行一下

request.getParameter("IDNum"); 你界面有传递IDNum这个参数吗,没有的话获取request.getParameter("IDNum");结果为null,null不能拿来使用的

没有对null进行处理,在通过请求获取到参数后,需要判断是否为null

 String sql = "select * from hello where IDNum'" + s//少了=号
+ "' and UserPassword='" + UserPassword
+ "'and UserName='" + a + "'";//这行and与单引号少了空格
改
String sql = "select * from hello where IDNum='" + s
+ "' and UserPassword='" + UserPassword
+ "' and UserName='" + a + "'";

String sql = "select * from hello where IDNum'" + s //这里少了个=号

  • "' and UserPassword='" + UserPassword
  • "'and UserName='" + a + "'"; 而且没有对拿到的参数值进行判断是不是NULL 检查一下你的参数名称是不是和form表单里面的参数名称一样