addMessage.htm
代码;
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="/guestbook2/js/validation-framework.js"></script>
<script type="text/javascript" src="/guestbook2/fckeditor/fckeditor.js"></script>
<title>add message</title>
</head>
<body>
<p align="center">请您输入留言</p>
<p align="center"><a href="/guestbook2/servlet/getMessages">查看留言</a></p>
<form id="form1" name="form1" method="post" action="/guestbook2/servlet/addMessage" onsubmit="return doValidate(this)">
<table width="600" height="400" border="0" align="center">
<tr>
<td width="100">姓名:</td>
<td width="500">
<input name="name" type="text" id="name" size="40" maxlength="20" />
</td>
</tr>
<tr>
<td>E-Mail:</td>
<td>
<input name="email" type="text" id="email" size="40" maxlength="40" />
</td>
</tr>
<tr>
<td>电话:</td>
<td>
<input name="phone" type="text" id="phone" size="40" maxlength="20" />
</td>
</tr>
<tr>
<td>主题:</td>
<td>
<input name="title" type="text" id="title" size="80" maxlength="80" />
</td>
</tr>
<tr>
<td valign="top">内容:</td>
<td>
<script type="text/javascript">
var oFCKeditor = new FCKeditor("content");
oFCKeditor.BasePath = '/guestbook2/fckeditor/' ;
oFCKeditor.Height = 300 ;
oFCKeditor.ToolbarSet = 'Basic';
oFCKeditor.Create() ;
</script>
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="Submit" value="提交" />
<input type="reset" name="Reset" value="重置" />
</td>
</tr>
</table>
</form>
</body>
</html>
StringUtil.java
代码:
package webbook.util;
public class StringUtil {
/**
* 判断输入的字符串参数是否为空。
* @param args 输入的字串
* @return true/false
*/
public static boolean validateNull(String args) {
if (args == null || args.length() == 0) {
return true;
} else {
return false;
}
}
/**
* 判断输入的字符串参数是否为空或者是"null"字符,如果是,就返回target参数,如果不是,就返回source参数。
*/
public static String chanageNull(String source, String target) {
if (source == null || source.length() == 0 || source.equalsIgnoreCase("null")) {
return target;
} else {
return source;
}
}
/**
* 过滤<, >,\n 字符的方法。
* @param input 需要过滤的字符
* @return 完成过滤以后的字符串
*/
public static String filterHtml(String input) {
if (input == null) {
return null;
}
if (input.length() == 0) {
return input;
}
input = input.replaceAll("&", "&");
input = input.replaceAll("<", "<");
input = input.replaceAll(">", ">");
input = input.replaceAll(" ", " ");
input = input.replaceAll("'", "'");
input = input.replaceAll("\"", """);
return input.replaceAll("\n", "<br>");
}
}
AddMessageServlet.java
代码:
package webbook.guestbook;
import java.io.*;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;
import java.text.SimpleDateFormat;
import webbook.util.StringUtil;
public class AddMessageServlet extends HttpServlet {
private static final long serialVersionUID = -8349454122547148005L;
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String sql = "insert into guestbook (id,name,email,phone,title,content,time) values(gb_seq.nextval,?,?,?,?,?,?)";
int result = 0;
Connection conn = null;
request.setCharacterEncoding("utf-8");
String name = request.getParameter("name");
String title = request.getParameter("title");
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>guestbook input page</title></head>");
out.println("<body>");
if (StringUtil.validateNull(name)) {
out.println("对不起,姓名不能为空,请您重新输入!<br>");
out.println("<a href=\"" + request.getContextPath() + "/addMessage.htm\">添加新的留言</a><br>");
} else if (StringUtil.validateNull(title)) {
out.println("对不起,主题不能为空,请您重新输入!<br>");
out.println("<a href=\"" + request.getContextPath() + "/addMessage.htm\">添加新的留言</a><br>");
} else {
try {
Context context = new InitialContext();
DataSource ds = (DataSource) context.lookup("java:/comp/env/jdbc/oracleds");
conn = ds.getConnection();
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1, StringUtil.filterHtml(name));
pstmt.setString(2, StringUtil.filterHtml(request.getParameter("email")));
pstmt.setString(3, StringUtil.filterHtml(request.getParameter("phone")));
pstmt.setString(4, StringUtil.filterHtml(title));
pstmt.setString(5, request.getParameter("content"));
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
pstmt.setString(6, sdf.format(new java.util.Date()));
result = pstmt.executeUpdate();
pstmt.close();
} catch (NamingException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (result == 0) {
out.println("对不起,添加留言不成功,请您重新输入!<br>");
out.println("<a href=\"" + request.getContextPath() + "/addMessage.htm\">添加新的留言</a><br>");
} else {
out.println("祝贺您,成功添加留言。<br>");
out.println("<a href=\"" + request.getContextPath() + "/servlet/getMessages\">查看所有留言内容</a><br>");
}
out.println("</body>");
out.println("</html>");
out.flush();
out.close();
}
}
}
GetMessageServlet.java
代码;
package webbook.guestbook;
import java.io.*;
import java.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;
import webbook.util.StringUtil;
public class GetMessagesServlet extends HttpServlet {
private static final long serialVersionUID = 5964428201228635704L;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String sql = "select * from guestbook order by id desc";
Connection conn = null;
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>display messages</title></head>");
out.println("<style>");
out.println("*{font-family:\"宋体\";font-size:14px}");
out.println("</style>");
out.println("<body><center>");
out.println("<a href=\""+request.getContextPath()+"/addMessage.htm\">添加新的留言内容</a><br>");
out.println("留言内容<br><br>");
try {
Context initContext = new InitialContext();
DataSource ds = (DataSource) initContext.lookup("java:/comp/env/jdbc/oracleds");
conn = ds.getConnection();
PreparedStatement pstmt = conn.prepareStatement(sql);
ResultSet rs = pstmt.executeQuery();
while (rs.next()) {
this.printRow(out, rs);
}
rs.close();
pstmt.close();
} catch (NamingException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
out.println("</center></body>");
out.println("</html>");
out.flush();
out.close();
}
private void printRow(PrintWriter out, ResultSet rs) throws SQLException {
out.println("<table width=\"600\" border=\"1\" bordercolor=\"000000\" style=\"table-layout:fixed;word-break:break-all\">");
out.println("<tr><td width=\"50\" bordercolor=\"ffffff\">编号:</td>");
out.println("<td width=\"550\" bordercolor=\"ffffff\" >" + rs.getInt("id") + "</td></tr>");
out.println("<tr><td bordercolor=\"ffffff\">姓名:</td><td bordercolor=\"ffffff\" >" + rs.getString("name") + "</td></tr>");
out.println("<tr><td bordercolor=\"ffffff\">电话:</td><td bordercolor=\"ffffff\" >" + StringUtil.chanageNull(rs.getString("phone"), "没填")
+ "</td></tr>");
out.println("<tr><td bordercolor=\"ffffff\">email:</td><td bordercolor=\"ffffff\" >" + StringUtil.chanageNull(rs.getString("email"), "没填")
+ "</td></tr>");
out.println("<tr><td valign=\"top\" bordercolor=\"fffff\">主题:</td><td bordercolor=\"ffffff\" >" + rs.getString("title") + " </td></tr>");
out.println("<tr><td valign=\"top\" bordercolor=\"fffff\">内容:</td>");
out.println("<td bordercolor=\"fffff\" align=\"left\" bordercolor=\"ffffff\" >" + StringUtil.chanageNull(rs.getString("content"), "没填")
+ "</td></tr>");
out.println("<tr><td bordercolor=\"ffffff\">时间:</td><td bordercolor=\"ffffff\" >" + rs.getString("time") + " </td></tr>");
out.println("</table><br>");
}
}