Servlet错误 - 检查多个变量

时间:2017-10-16 20:18:27

标签: java servlets

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.mysql.jdbc.PreparedStatement;

/**
 * Servlet implementation class Login
 */
@WebServlet("/Login")
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Login() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {



        response.setContentType("text/html");  
        Connection conn = null;
        String url="jdbc:mysql://localhost:3306/";
        String dbName="Tamir";
        String driver="com.mysql.jdbc.Driver";



    try{  
         request.setAttribute("message", "");
        String nick = request.getParameter("check_name");
        String password = request.getParameter("check_password");


      Class.forName(driver).newInstance();  
      conn = DriverManager.getConnection(url+dbName,"root", "tamir");
      //admin check
      /*
      java.sql.PreparedStatement st2 = conn.prepareStatement("SELECT * FROM users WHERE nickname = ? or email = ? and password = ? and admin = T");
      st2.setString(1, nick);
      st2.setString(2, nick);
      st2.setString(3, password);
      ResultSet r2=st2.executeQuery();

      if(r2.next()) {
        request.getSession().setAttribute("admin", nick);
    }
    */
      //regular check
      java.sql.PreparedStatement st = conn.prepareStatement("SELECT * FROM users WHERE nickname = ? or email = ? and password = ?");
      st.setString(1, nick);
      st.setString(2, nick);
      st.setString(3, password);
      ResultSet r1=st.executeQuery();

      if(r1.next()) {


            request.getSession().setAttribute("user", nick);
             request.getRequestDispatcher("/tf2main.jsp").forward(request, response);


      } else {



         request.setAttribute("message", "Username or password are incorrect.");
        request.getSession().setAttribute("user", null);  
         request.getRequestDispatcher("/Login.jsp").forward(request, response);

      }

    }catch (Exception ex) {
        System.out.println("Error");
    }
    }

}

您好。所以我已经制作了上面的代码并且它工作得很好,但是当我添加评论[我真正需要的时候,为了检查他是否是管理员...对我来说很可怕]它只是抛出由于某种原因的例外。

我唯一想到的另一个灵魂就是重新安排到另一个servlet,以某种方式做同样的动作,但那是不可能的,所以我有点卡住,你也不能使用ERB

我已经尝试了一切,没有任何作用。

编辑:抛出的错误是:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'T' in 'where clause'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.Util.getInstance(Util.java:408)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:943)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2527)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2680)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2487)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1858)
at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:1966)
at Login.doPost(Login.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

1 个答案:

答案 0 :(得分:0)

将查询更新为:

java.sql.PreparedStatement st2 =
    conn.prepareStatement("SELECT * FROM users WHERE nickname = ? or email = ? and password = ? and admin = 'T'");

请注意查询中T周围的单引号。