我正在尝试将一个字符串数组插入Postgres.我从Postgres得到了一个无效的类型错误.
public static void main(String[] args) throws SQLException {
String[] skus = { "0514", "0414", "0314", "0214", "0114", "1213", "1113", "1013", "0913", "0813", "0713", "0613" };
String sqlString = "Insert into dbo.Inventory_Metrics skus values(?)";
Connection conn = DriverManager.getConnection(getPostgresConnUrl());
PreparedStatement ps = conn.prepareStatement(sqlString);
//THIS NEXT LINE THROWS AN ERROR
ps.setObject(1, skus, java.sql.Types.NVARCHAR, skus.length);
int status = ps.executeUpdate();
ps.close();
System.out.print(status);
}
public static String getPostgresConnUrl() {
String database = "mycode";
String userName = "xxxxxxxx";
String password = "xxxxxxxx";
return "jdbc:postgresql://192.168.0.50:5432/" + database …我正在努力确保我的泽西请求参数被清理.
处理Jersey GET请求时,是否需要过滤非String类型?
例如,如果提交的参数是一个整数,则选项1(getIntData)和选项2(getStringData)黑客都安全吗?那么JSON PUT请求,我的ESAPI实现是否足够,或者我需要在映射后验证每个数据参数?它可以在映射之前进行验证吗?
泽西休息示例类:
public class RestExample {
//Option 1 Submit data as an Integer
//Jersey throws an internal server error if the type is not Integer
//Is that a valid way to validate the data?
//Integer Data, not filtered
@Path("/data/int/{data}/")
@GET
@Produces(MediaType.TEXT_HTML)
public Response getIntData(@PathParam("data") Integer data){
return Response.ok("You entered:" + data).build();
}
//Option 2 Submit data as a String, then validate it and cast it to an Integer
//String Data, filtered
@Path("/data/string/{data}/")
@GET
@Produces(MediaType.TEXT_HTML)
public Response …