我正在使用HTML和JSP構建登錄頁面。但每次我得到錯誤「用戶名不正確」,當用戶名與表不匹配時,應顯示爲SQL服務器。下面是登錄表單頁面的代碼:使用JSP進行用戶驗證
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Expense System</title>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<div class=form>
<form name = login method = post action = "login1.jsp">
Username : <input name = user type = text placeholder = username> <br><br>
Password : <input name = pass type = password placeholder = password><br><br>
<input type = submit value = "Submit">
<input type = button value = "Register">
</form>
</div>
</body>
</html>
下面是login1.jsp代碼:
<%@ page language="java" contentType="text/html; charse=UTF-8"
pageEncoding="UTF-8" import="java.sql.*"%>
<% Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>login check</title>
</head>
<body>
<% String connectionUrl = "jdbc:sqlserver://localhost:1433;" +
"databaseName=signin;integratedSecurity=true;";
Connection con = DriverManager.getConnection(connectionUrl);
String uname = new String("");
String upass = new String("");
ResultSet resultset;
Statement statement = con.createStatement();
statement.executeQuery("select username, password from signintable");
resultset = statement.getResultSet();
while(resultset.next()){
uname = resultset.getString("username");
upass = resultset.getString("password");
}
if(!request.getParameter("user").equals("")){
if(uname.equals(request.getParameter("user"))){
if(upass.equals(request.getParameter("pass"))) {%>
<jsp:forward page="welcome.html"></jsp:forward>
<% }
else {
out.println("pass incorrect");
}
}
else {
out.println("username incorrect");
}
}
else { out.println("user not found!");
}
%>
</body>
</html>
每次有人登錄時,將應用程序的整個表格循環回來並不是一個好主意!您應該調查具有WHERE條件的參數化查詢,以選擇特定的感興趣的行(如果存在並散列密碼)。 – 2011-12-21 20:11:27
在Java中使用類似'String uname = new String(「」);'和'String upass = new String(「」);'的語句總是可以避免的,因爲您創建的是新對象而不是實習那些字符串一個不好的做法。只需使用String uname =「」和'String upass =「」'。在這種情況下,你正在彙集這些字符串對象。 – Lion 2011-12-21 20:15:41
@MartinSmith我使用WHERE條件,但我能夠成功地運行我的程序。但是我想要做的是首先檢查用戶名,如果它是正確的,那麼檢查密碼。如何使用WHERE條件來做到這一點。謝謝。 – 2011-12-21 20:22:24