Reputation: 79
I am writing an online reservation system. I have a problem with my code where the user can cancel their reservations with a cancel button on a JSP page. But my code is not working; it cannot delete data from the database. How can I do that?
myreservations.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import ="java.sql.*" %>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Book Ticket</title>
    </head>
    <body background="http://www.teamarking.com/barcode/bar_background.jpg">
        <form method="post" action="reservations.jsp">
            <center>
                <table border="1" width="30%" height="30%">
                    <tr>
                        <th><font color='#D18603'>ActivityID</font></th>
                        <th><font color='#D18603'>Username</font></th>
                        <th><font color='#D18603'>Ticket</font></th>
                        <th><font color='#D18603'>Cancel</font></th>
                    </tr>
                    <%
                        Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
                        Connection con = DriverManager.getConnection("jdbc:derby://localhost:1527/users", "users", "123");
                        String username = (String) request.getSession().getAttribute("username");
                        Statement st = con.createStatement();
                        ResultSet rs;
                        rs = st.executeQuery("select * from reservation where username='" + username + "'");
                        while (rs.next()) {
                            String activityid = rs.getString("id");
                            username = rs.getString("username");
                            String buy = rs.getString("buy");
                            out.println("<tr>");
                            out.println("<td>" + activityid + "</td>");
                            out.println("<td>" + username + "</td>");
                            out.println("<td>" + buy + "</td>");
                            out.println("<td><b><form action='cancel.jsp'><input type='submit' name='cancel' value='Cancel Reservation'></form></b>");
                            out.println("</tr>");
                        }
                        st.close();
                    %>
            </center>
                </table>
            <br><a href='success.jsp'>Back</a>
            <br><br><a href='logout.jsp'>Log out</a>
        </form>
    </body>
</html>
cancel.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import ="java.sql.*" %>
<%
    String AcivityID = request.getParameter("ActivityID");
    String Username = request.getParameter("Username");
    String Ticket = request.getParameter("Ticket");
    Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
    Connection con = DriverManager.getConnection("jdbc:derby://localhost:1527/users", "users", "123");
    String sorgu = "delete from reservation where id='" + request.getParameter(AcivityID) + "'AND username='" + request.getParameter(Username) + "'AND buy='" + request.getParameter(Ticket) + "'";
    java.sql.Statement st = con.createStatement();
    int rowNum = st.executeUpdate(sorgu);
    response.sendRedirect("cancelled.jsp");
    st.close();
%>
Upvotes: 0
Views: 1578
Reputation: 686
You need to add a hidden input field to each of the cancel forms to pass the information about which ActivityID is being cancelled.
Currently your form looks like:
<form action='cancel.jsp'>
    <input type='submit' name='cancel' value='Cancel Reservation'>
</form>
With the added hidden field it looks like:
<form action='cancel.jsp'>
    <input type='submit' name='cancel' value='Cancel Reservation'>
    <input type="hidden" name="activityID" value="25">
</form>
Unless you pass this extra piece of information on to cancel.jsp, it has no knowledge of which of the many cancel buttons was pressed. To the user it might be clear which of the activities is to be cancelled; however, cancel.jsp is on the receiving end of the form and has no knowledge of which column of the table that button was located in.
If you want to have username, activityID and Ticket in your SQL statement, you need to pass all three values using hidden fields.
Upvotes: 2
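Added example (not code from the question or the answer): a cancel.jsp that deletes with a PreparedStatement instead of concatenating request parameters into the SQL, and takes the reservation owner from the session rather than from a hidden field, so only the id travels in the form. It assumes each row's form is not nested inside another form, is submitted with method='post', and carries one hidden field named activityID; login.jsp is an assumed page name.

```jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import="java.sql.*" %>
<%
    // Added example, not the poster's code.
    // A cancellation changes state, so accept it only as a POST.
    if (!"POST".equalsIgnoreCase(request.getMethod())) {
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        return;
    }
    // The owner comes from the server-side session, never from a form field,
    // so a user cannot cancel a reservation that belongs to someone else.
    String username = (String) session.getAttribute("username");
    if (username == null) {
        response.sendRedirect("login.jsp"); // assumed name of the login page
        return;
    }
    // The only value taken from the form: the hidden field of the clicked row.
    String activityId = request.getParameter("activityID");
    if (activityId == null || activityId.isEmpty()) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing activityID");
        return;
    }
    Class.forName("org.apache.derby.jdbc.ClientDriver");
    int deleted;
    // try-with-resources closes the statement and the connection on every path.
    try (Connection con = DriverManager.getConnection(
                 "jdbc:derby://localhost:1527/users", "users", "123");
         PreparedStatement ps = con.prepareStatement(
                 "delete from reservation where id = ? and username = ?")) {
        // Values are bound as parameters, so they are never parsed as SQL.
        // setString assumes id is a character column, as the original query implies.
        ps.setString(1, activityId);
        ps.setString(2, username);
        deleted = ps.executeUpdate();
    }
    if (deleted == 0) {
        // No such reservation for this user: report it instead of claiming success.
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    response.sendRedirect("cancelled.jsp");
%>
```

The row count returned by executeUpdate is the check that the delete matched a reservation owned by the logged-in user; a result of 0 means nothing was cancelled.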