我正在尝试使用glassfish服务器进行登录servlet,无论我键入了什么(正确的信息或错误的信息),总是让我回到索引页面而不是测试页面。
这是我的servlet的代码
package com.java.example;
import java.io.IOException;
import java.sql.*;
import javax.annotation.Resource;
import javax.servlet.*
import javax.sql.DataSource;
@WebServlet("/validate")
public class ValidationServlet extends HttpServlet {
@Resource(name="Project")
private DataSource dsProject1;
@Override
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
//Get the input from the request
String strEmail = req.getParameter("email");
String strPassword = req.getParameter("password");
String strMemberId = "";
Connection conn = null;
Statement statement = null;
ResultSet rs = null;
boolean loginSuccess = false;
try
{
conn = dsProject1.getConnection();
String sql = "SELECT * FROM members WHERE email = strEmail AND password = md5(strPassword)";
statement = conn.createStatement();
rs = statement.executeQuery(sql);
if(loginSuccess = rs.next())
{
strMemberID = rs.getString("memberid");
}
}
catch(SQLException ex)
{
System.out.println("SQLException: " + ex.getMessage());
}
finally
{
if(rs != null)
{
try
{
rs.close();
}
catch (SQLException ex)
{
System.out.println("SQLException: " + ex.getMessage());
}
}
if(statement != null)
{
try
{
statement.close();
}
catch (SQLException ex)
{
System.out.println("SQLException: " + ex.getMessage());
}
}
if(conn != null)
{
try
{
conn.close();
}
catch (SQLException ex)
{
System.out.println("SQLException: " + ex.getMessage());
}
}
}
if (loginSuccess == true) {
HttpSession session = req.getSession();
session.setAttribute("memberId", strMemberID);
RequestDispatcher rd = req.getRequestDispatcher("test.jsp");
rd.forward(req, res);
} else {
req.getSession().setAttribute("error", "Your email or password is incorrect!");
RequestDispatcher rd = req.getRequestDispatcher("index.jsp");
rd.forward(req, res);
}
}
}
is there anything wrong with my sql statement or my codes?
thanks a million! :*
答案 0 :(得分:0)
你的SQL错了,你总是要散列字符串strPassword:
String sql = "SELECT * FROM members WHERE email = strEmail AND password = md5(strPassword)";
您不是从客户端替换变量。您需要使用PreparedStatement:
PreparedStatement ps = con.prepareStatement("SELECT * FROM members WHERE email = strEmail AND password = md5(?)");
ps.setString(1, strPassword);
现在进入下一期:
if (loginSuccess = rs.next()) {
strMemberID = rs.getString("memberid");
}
这表示将rs.next()分配给loginSuccess。 =是赋值运算符,==是相等运算符。该语句始终返回true。
所以这应该是:
if (rs.next()) {
strMemberID = rs.getString("memberid");
}
此外,使用Java 7 try-with-resources而不是try..finally。这将真正整理您的代码:
try (final Connection conn = dsProject1.getConnection()) {
final String sql = "SELECT * FROM members WHERE email = strEmail AND password = md5(?)";
try (final PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setString(1, strPassword);
try (final ResultSet rs = ps.executeQuery()) {
if (rs.next()) {
loginSuccess = true;
strMemberID = rs.getString("memberid");
}
}
}
} catch (SQLException ex) {
System.out.println("SQLException: " + ex.getMessage());
}
最后,扼杀了将所有变量分配到null的奇怪习惯,然后将其重新分配到萌芽现在。没有理由这样做,它会导致丑陋和难以理解的代码以及错误。