我正在处理以下代码,用于解析来自servlet的登录凭据。
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.swing.JOptionPane;
@WebServlet("/login")
public class oneServlet extends HttpServlet {
public static Connection getConnection() throws Exception {
String driver = "org.postgresql.Driver";
String url = "jdbc:postgresql://10.1.11.112:5432/pack";
String username = "pack";
String password = "pack";
Class.forName(driver);
Connection conn = DriverManager.getConnection(url, username, password);
return conn;
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String user=request.getParameter("t1");
String pass=request.getParameter("t2");
System.out.println("done 1");
Connection conn = null;
PreparedStatement pstmt = null;
System.out.println("done 2");
try {
conn = getConnection();
String queryTest = "select username,password from login ";
pstmt = conn.prepareStatement(queryTest);
System.out.println("done 3");
ResultSet rs = pstmt.executeQuery();
System.out.println("done4");
while (rs.next()) {
System.out.println("done5");
String username=rs.getString(1);
String password=rs.getString(2);
if(user.equals(username) && pass.equals(password))
{
response.sendRedirect("LoginSuccess.jsp");
return;
}
else
{
JOptionPane.showMessageDialog(null, "retry");
}
}
}
catch (Exception e) {
e.printStackTrace();
}
finally {
try {
pstmt.close();
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
我面临的问题是"而(rs.next())"正在迭代并显示表中可用的每个用户名的输出,但我需要它只显示一次,重定向或重试。任何建议都表示赞赏。
答案 0 :(得分:4)
您不必将整个数据库表复制到Java的内存中,而不是以这样的方式编写SQL查询,即数据库返回完全您要查找的行,这样您就可以获得离开if (resultSet.next())。
使用SQL WHERE子句。
String query = "select username from login where username=? and password=?";
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
try {
connection = getConnection();
statement = connection.prepareStatement(query);
statement.setString(1, user);
statement.setString(2, pass);
resultSet = statement.executeQuery();
if (resultSet.next()) {
response.sendRedirect("LoginSuccess.jsp");
} else {
request.setAttribute("message", "retry");
}
} catch (SQLException e) {
throw new ServletException("DB interaction failed", e);
} finally {
if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
请注意,我还修复了显示消息的疯狂方式,并修复了异常处理和关闭数据库资源的问题。 JOptionPane只会向webserver的屏幕显示消息,而不是webbrowser的屏幕,当它们不在物理上相同的机器上运行时,它们在实际生产环境中当然会失败。我强烈建议stop reading roseindia.net tutorials。该网站混乱了诸如代码中公开的不良做法。
答案 1 :(得分:1)
将您的查询更改为
String queryTest = "select username,password from login where username = ?";
pstmt = conn.prepareStatement(queryTest);
pstmt.setString(1,user);
更新: 更好的解决方案是不从数据库中获取密码(出于安全问题)而只获取所需的数据。
答案 2 :(得分:0)
您正在运行的查询不适用于您为每个用户查询的任何特定用户。我想你忘了在查询中添加用户名和密码。
虽然如果你需要迭代它一次,用if替换while只需要迭代一次
if (rs.Next){
//your code
}
答案 3 :(得分:-1)
while (rs.next()) {
System.out.println("done5");
String username=rs.getString(1);
String password=rs.getString(2);
if(user.equals(username) && pass.equals(password))
{
response.sendRedirect("LoginSuccess.jsp");
return;
}
else
{
JOptionPane.showMessageDialog(null, "retry");
}
break;
}
这不是一个正确的实现,但应解决您的问题。
答案 4 :(得分:-1)
进行查询,以便仅选择具有正确用户名和密码的结果:
String queryTest = "select username,password from login where username=? and password=?";
PreparedStatement pstmt = conn.prepareStatement(queryTest);
pstmt.setString(1, user);
pstmt.setString(2, pass);