无法使用JSP从Oracle数据库获取值,从而获取java.sql.SQLException:结果集位于最后一行之后

时间:2019-01-14 14:47:28

标签: java sql oracle jsp oracle12c

我写了一个简单的jsp程序,试图从数据库中检索用户名和密码,这是我的jsp程序。

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import ="java.sql.*" %>
<%@ page import ="oracle.sql.*" %>
<%@ page import ="oracle.jdbc.driver.*" %>
<%@page import="oracle.jdbc.driver.OracleDriver"%>
<%@ page import ="java.util.Date" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
String driver="oracle.jdbc.driver.OracleDriver";
String userid = request.getParameter("username"); 
String pwd=request.getParameter("password"); 

Connection con = null;




%>
<%try
{
Class.forName("oracle.jdbc.driver.OracleDriver");

con = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:CCB25", "CISADM", "CISADM");
Statement st= con.createStatement();
String query="select * from CMLOGIN where USERID='"+userid+"'";
ResultSet rs=st.executeQuery(query); 
String pass1="";
rs.next();


pass1 = rs.getString("password");

if(pass1.equals(pwd))
{ 
%>
<%String name=request.getParameter("username");
session.setAttribute("nam",name);%> 
<jsp:forward page="admin.jsp"></jsp:forward>
<%}
else
{
String msg="Username or password failed";%>
<center> <p style="font-family:verdana;color:red;"><%=msg %>
<jsp:include page="Login.jsp"></jsp:include>

<%}
}
catch(Exception e)
{
e.printStackTrace();
}
%>

</body>

并且我在web-inf / lib文件夹中有javax.servlet.jar和ojdbc7-12.1.0.2.jar。我正在获取java.sql.SQLException:结果设置在以下行的最后一行之后:“ pass1 = rs.getString(” password“);”您能指导我做错了什么吗?

2 个答案:

答案 0 :(得分:2)

为防止出现此异常,您首先需要在调用ResultSet之前检查.next()中是否有任何行。

使用此:

if (rs.next){
  //read next row
}

如果要遍历ResultSet的所有行,请使用while循环:

while(rs.next){
  //do something for every row
}

答案 1 :(得分:1)

这里还是一样清理了一下。您必须重新添加异常处理和关闭连接/语句/结果集

  • 希望您不必真正使用此代码,因为它从查询字符串中以明文形式输入密码,然后与数据库中的明文版本进行比较。
  • 密码比较已移至sql本身。
  • 始终使用PreparedStatements避免SQL注入

注释在代码中。

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ page import ="java.sql.*" %>
<%@ page import ="java.util.Date" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%
String userid   = request.getParameter("username"); 
String pwd      = request.getParameter("password"); 

Connection con       = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521/XE", "klrice", "klrice");

//
// USE BINDS ! to avoid sql injection
// push the userid and passwd comparison to the db 
// no need to get the password and compare locally
// 
String query         = "select password from cmlogin where userid=? and password=?";

PreparedStatement st = con.prepareStatement(query);

// 
//  Binds in the vaules
// 

st.setString(1,userid);
st.setString(2,pwd);

ResultSet rs         = st.executeQuery(); 

String pass1;

//  .next will advance if the query has any results
// 

if ( rs.next() ) {
            pass1 = rs.getString("password");
      String name =request.getParameter("username");
      session.setAttribute("nam",name);
%> 
    <jsp:forward page="admin.jsp"></jsp:forward>
<%
    } else {
        String msg="Username or password failed";
%>
        <center> <p style="font-family:verdana;color:red;"> <%=msg %>
        <jsp:include page="Login.jsp"></jsp:include>
<%  }  %>
</body>
相关问题
最新问题