Fatal编程技术网
  • java/
  • Java 正在将值插入到数据库中,但不应插入

Java 正在将值插入到数据库中,但不应插入

java jsp session servlets

Java 正在将值插入到数据库中,但不应插入,java,jsp,session,servlets,Java,Jsp,Session,Servlets,LoginServlet.java package bean; import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import javax.servlet.ServletException; i

LoginServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
    @Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html");
        try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);


            String name=request.getParameter("name");
            String password=request.getParameter("password");
            boolean status=false;
    try{
        Connection con=ConnectionProvider.getCon();
        String sql="select * from roles where name='" + name + "' and pass='" + password + "'";
        PreparedStatement stmt =con.prepareStatement(sql);
        String role="admin";                        
        ResultSet rs=stmt.executeQuery();
        if(rs.next())
        {
            status=true;
            role=rs.getString("role");
        }

         if(status){
        out.print("Welcome, "+name);
        HttpSession session=request.getSession();
        session.setAttribute("name",name);
        if(role!=null && role.equals("admin") ){   
          response.sendRedirect("create.html");

        }
        else {
           response.sendRedirect("create1.html");          

      }

    }
    else{
        out.print("Sorry, username or password error!");
        request.getRequestDispatcher("login.html").include(request, response);
    }
    }catch( SQLException | ServletException | IOException e){}


        }
}
}

package bean; 

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class DepartmentServlet extends HttpServlet {   

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
   response.setContentType("text/html");
    try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);

            HttpSession session=request.getSession(false);
            if(session!=null){
                String name=(String)session.getAttribute("name"); 
                boolean status=false;
    try{
        String department=request.getParameter("department");
        String company=request.getParameter("company");
        String place=request.getParameter("place");

        Connection con=ConnectionProvider.getCon();
        String sql="insert into department(departmentname,company,place) values (?,?,?)";
        PreparedStatement pstmt =con.prepareStatement(sql);

        pstmt.setString(1,department); 
        pstmt.setString(2,company);
        pstmt.setString(3,place);

        int rs=pstmt.executeUpdate();
        if(rs>0){status=true;}
    }catch(Exception e){}
              if(status){
                out.print("Values have been inserted,"+name);
                request.getSession();}
              else 
              {
                  out.print("failed");
              }                  
              }
            else{
                out.print("Please login first");
                request.getRequestDispatcher("login.html").include(request, response);
            }
        }
}   
}

package bean;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LogoutServlet extends HttpServlet {
            @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
                try (PrintWriter out = response.getWriter()) {
                    request.getRequestDispatcher("link.html").include(request, response);

                    HttpSession session=request.getSession(false);
                    session.invalidate();

                    out.print("You are successfully logged out!");
                }
 }
 }
create.html

<a href="LogoutServlet">Logout</a>
<a href="department.jsp">Create Department</a>
<a href="c_user.jsp">Create Users</a>
<hr/>
LogoutServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
    @Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html");
        try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);


            String name=request.getParameter("name");
            String password=request.getParameter("password");
            boolean status=false;
    try{
        Connection con=ConnectionProvider.getCon();
        String sql="select * from roles where name='" + name + "' and pass='" + password + "'";
        PreparedStatement stmt =con.prepareStatement(sql);
        String role="admin";                        
        ResultSet rs=stmt.executeQuery();
        if(rs.next())
        {
            status=true;
            role=rs.getString("role");
        }

         if(status){
        out.print("Welcome, "+name);
        HttpSession session=request.getSession();
        session.setAttribute("name",name);
        if(role!=null && role.equals("admin") ){   
          response.sendRedirect("create.html");

        }
        else {
           response.sendRedirect("create1.html");          

      }

    }
    else{
        out.print("Sorry, username or password error!");
        request.getRequestDispatcher("login.html").include(request, response);
    }
    }catch( SQLException | ServletException | IOException e){}


        }
}
}

package bean; 

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class DepartmentServlet extends HttpServlet {   

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
   response.setContentType("text/html");
    try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);

            HttpSession session=request.getSession(false);
            if(session!=null){
                String name=(String)session.getAttribute("name"); 
                boolean status=false;
    try{
        String department=request.getParameter("department");
        String company=request.getParameter("company");
        String place=request.getParameter("place");

        Connection con=ConnectionProvider.getCon();
        String sql="insert into department(departmentname,company,place) values (?,?,?)";
        PreparedStatement pstmt =con.prepareStatement(sql);

        pstmt.setString(1,department); 
        pstmt.setString(2,company);
        pstmt.setString(3,place);

        int rs=pstmt.executeUpdate();
        if(rs>0){status=true;}
    }catch(Exception e){}
              if(status){
                out.print("Values have been inserted,"+name);
                request.getSession();}
              else 
              {
                  out.print("failed");
              }                  
              }
            else{
                out.print("Please login first");
                request.getRequestDispatcher("login.html").include(request, response);
            }
        }
}   
}

package bean;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LogoutServlet extends HttpServlet {
            @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
                try (PrintWriter out = response.getWriter()) {
                    request.getRequestDispatcher("link.html").include(request, response);

                    HttpSession session=request.getSession(false);
                    session.invalidate();

                    out.print("You are successfully logged out!");
                }
 }
 }
使用
DepartmentServlet
,我将向数据库中插入值。问题是,我能够在不登录的情况下打开
create.html
department.jsp
,并且即使我没有登录,值也会被插入到数据库中。我知道问题在于会话没有被正确地传递(使用)。我怎样才能解决它?有人能纠正它吗?

如果(session!=null)更改条件

如果(session!=null&&session.getAttribute(“name”)!=null)

您必须实现过滤器来限制对.jsp/.html的访问,该过滤器将检查活动会话。如果未找到活动会话,则它将请求重定向到登录页面(在您的案例中为link)。使用下面的doFilter方法实现

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        if (session == null || session.getAttribute("name") == null) {
            response.sendRedirect(request.getContextPath() + "/link"); 
        } else {
            chain.doFilter(req, res); 
        }
    }
代码墙问题在将来对其他人没有用处,通常不会得到好的答案。相反,创建一个。
}catch(SQLException | ServletException | IOException e){}
这里可能有很多重要信息没有打印出来好吧,但让我们再等24小时左右,如果我不能得到满意的答案,我将发布一个新问题或编辑此问题one@RahulGupta24小时后会发生什么?等待任何类型的答案好或坏我能够打开create.html和depa的其他问题不直接输入url登录rtment.jsp,您是否可以检查。@RahulGupta如果有效,请接受答案。如果没有人回答第二部分,则问题只解决了一半。我将接受它。