我要用form.n来获取用户名n密码。我用mysql table中存储的用户名n密码验证它。但是没有被执行...有人能告诉我什么是错的??? thnx快速回复.. ;-)
*package mypack;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class SaveServlet
*/
public class SaveServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public SaveServlet() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
String u = request.getParameter("username");
String p=request.getParameter("password");
System.out.println(u);
System.out.println(p);
String c="jdbc:mysql://localhost:3306/test";
Connection con=null;
try{
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection(c, "root", "MyNewPass");
PreparedStatement pst=con.prepareStatement("select * from userinfo where username="+u+" and password="+p+";");
System.out.println("inside resultset");
ResultSet rs=pst.executeQuery();
System.out.println("inside resultset");
while(rs.next())
{
System.out.println("inside resultset");
}
}
catch (Exception e) {
// TODO: handle exception
System.out.println("Failed");
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}*
HTML
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">
function validate(){
var x = document.forms["form1"]["username"].value;
if (x == null || x == "") {
alert("Fill the User Id to Login");
return false;
}
var y = document.forms["form1"]["password"].value;
if (y == null || y == "") {
alert("Password Please");
return false;
}
else{
document.form1.submit();
return true;
}
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<center>
<form action="SaveServlet" name="form1">username <input
type="text" name="username" /> <br>
<br>
password <input type="password" name="password"></input><br>
<br>
<input type="button" value="login" onclick="validate()"> </form>
</center>
</body>
</html>
答案 0 :(得分:0)
这将导致sql注入。 您需要使用PreparedStament来执行查询
首先应进行以下更改:
Object u_obj = request.getParameter("username");
Object p_obj = request.getParameter("password");
String u = u_obj==null?"":u_obj;
String p = p_obj==null?"":p_obj;
其次:
PreparedStatement pst=con.prepareStatement("select * from userinfo where username="+u+" and password="+p+";");
应替换为:
PreparedStatement pst=con.prepareStatement("select * from userinfo where username=? and password=?");
pst.setString(1,u);
pst.setString(2,p);
答案 1 :(得分:0)
概率是查询语法...将其更改为
"select * from userinfo where username='"+u+"' and password='"+p+"'";
更正了servlet ...
package mypack;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class SaveServlet
*/
public class SaveServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public SaveServlet() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
String u = request.getParameter("username");
String p=request.getParameter("password");
System.out.println("USER-->"+u);
ResultSet rs;
String q="select * from userinfo where username='"+u+"' and password='"+p+"'";
Connection con=null;
String c="jdbc:mysql://localhost:3306/test";
try{
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection(c, "root", "MyNewPass");
System.out.println("connection done");
PreparedStatement ps=con.prepareStatement(q);
System.out.println(q);
rs=ps.executeQuery();
System.out.println("done2");
while (rs.next()) {
System.out.println(rs.getString(1));
System.out.println(rs.getString(2));
}
}
catch (Exception e) {
// TODO: handle exception
System.out.println("Failed");
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
答案 2 :(得分:0)
试试这个:
package mypack;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Servlet implementation class SaveServlet
*/
public class SaveServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* Default constructor.
*/
public SaveServlet() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
String u = request.getParameter("username");
String p=request.getParameter("password");
System.out.println(u);
System.out.println(p);
String c="jdbc:mysql://localhost:3306/test";
Connection con=null;
try{
Class.forName("com.mysql.jdbc.Driver").newInstance();
String sql = "select * from userinfo where username=? and password=?";
con = DriverManager.getConnection(c, "root", "MyNewPass");
PreparedStatement pst =con.prepareStatement(sql);
pst.setString(1,u);
pst.setString(2,p);
System.out.println("inside resultset");
ResultSet rs=pst.executeQuery();
System.out.println("inside resultset");
while(rs.next())
{
System.out.println("inside resultset");
}
}
catch (Exception e) {
// TODO: handle exception
System.out.println("Failed");
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}*