我是jsf的新手并且正在尝试创建用于验证mysql数据库中的用户名和密码的登录系统。当我运行此代码时,即使登录详细信息正确,它也会进入失败登录页面。 DbUsername和Dbpwd的值在标签中显示为null。
的index.xhtml
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org
/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html">
<head><title>JSF Login</title></head>
<body>
<h1>Login</h1>
<h:form>
<table>
<tr>
<td><h:outputText value="Username: " /></td>
<td><h:inputText id="loginname"
value="#{login.userName}" />
</td>
</tr>
<tr>
<td><h:outputText value="Password: " /></td>
<td><h:inputSecret id="password"
value="#{login.password}" />
</td>
</tr>
<tr>
<td> </td>
<td><h:commandButton value="Login"
action="#{login.checkLogin}"/>
</td>
</tr>
</table>
<h:outputLabel value="#{login.label1}" />
</h:form>
</body>
</html>
loginBean
package login;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import java.sql.*;
@ManagedBean(name="login")
@SessionScoped
public class loginBean {
private String userName;
private String password;
private String label1;
private String dbpwd;
private String dbusername;
private static int numOfAttempts = 0;
/** Creates a new instance of loginBean */
public loginBean() {
}
/**
* @return the userName
*/
public String getUserName() {
return userName;
}
/**
* @param userName the userName to set
*/
public void setUserName(String userName) {
this.userName = userName;
}
/**
* @return the password
*/
public String getPassword() {
return password;
}
/**
* @param password the password to set
*/
public void setPassword(String password) {
this.password = password;
}
/**
* @return the label1
*/
public String getLabel1() {
return label1;
}
/**
* @param label1 the label1 to set
*/
public void setLabel1(String label1) {
this.label1 = label1;
}
Connection con;
Statement ps;
ResultSet rs;
String SQL_Str;
public void dbData(String UName)
{
try
{
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost:3306
/securelogin","root","root");
ps = con.createStatement();
SQL_Str="Select * from tblusers where tbluserName =('" + UName +"')";
rs=ps.executeQuery(SQL_Str);
rs.next();
dbusername=rs.getString("tbluserName");
dbpwd=rs.getString("txtPassword");
}
catch(Exception ex)
{
ex.printStackTrace();
System.out.println("Exception Occur :" + ex);
}
}
public String checkLogin()
{
dbData(userName);
if (userName.equals(dbusername) && password.equals(dbpwd))
{
this.setLabel1("Login Success");
return "loginsuccess";
}
else
{
numOfAttempts++;
if (numOfAttempts >= 3)
{
this.setLabel1("Account Locked");
return "loginlocked";
}
else
{
this.setLabel1("Login Failure" + numOfAttempts + dbusername + dbpwd +
userName + password);
return "loginfailure" ;
}
}
}
}
答案 0 :(得分:3)
您的代码中有几件事情不正确:
例如:
String sql = "Select * from users where username = ?";
表示?
符号将替换为您给定的值。这就是它的制作方式:
Statement statement = conn.createStatement(sql);
statement.setString(1, username);
其中username
是一个String参数。这是创建SQL语句的正确方法,没有SQL注入的危险。
dbData()
方法中的代码中所看到的那样,您忘记关闭连接和语句了......它是* 非常 *重要,因为它立即释放Connection / Statement对象的数据库和JDBC资源,而不是等待它自动关闭时发生。通常,最好在完成资源后立即释放资源,以避免占用数据库资源。其他信息: