Java 我想使用servlet创建一个登录页面
我想使用Servlet和JSP创建一个登录页面 我创建了一个获取用户名和密码的页面Java 我想使用servlet创建一个登录页面,java,mysql,jsp,servlets,jdbc,Java,Mysql,Jsp,Servlets,Jdbc,我想使用Servlet和JSP创建一个登录页面 我创建了一个获取用户名和密码的页面 <form action="LoginPage" method="POST"> User name: <input type="text" name="userName" size="20"><br> Password: <input type="password" name="password" size="20"> <br>&
<form action="LoginPage" method="POST">
User name: <input type="text" name="userName" size="20"><br>
Password: <input type="password" name="password" size="20">
<br><br>
<input type="submit" value="Submit">
</form>
<form action="LoginPage" method="POST">
User name: <input type="text" name="userName" size="20"><br>
Password: <input type="password" name="password" size="20">
<br><br>
<input type="submit" value="Submit">
</form>
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = response.getWriter();
String userName = request.getParameter("userName").toString();
String passWord = request.getParameter("password").toString();
Connection con = null;
String url = "jdbc:mysql://localhost:3306/";
String dbName = "userdb";
String driver = "com.mysql.jdbc.Driver";
String user = "root";
String password = "1234";
try {
Class.forName(driver).newInstance();
Connection conn = DriverManager.getConnection(url+dbName, user, password);
PreparedStatement pstmt;
String sql = "SELECT USR_NAME FROM LOGIN WHERE USR_NAME='userName'";
pstmt = conn.prepareStatement(sql);
ResultSet rs=pstmt.executeQuery();
String usr = null;
String pass = null;
while(rs.next())
{
pass = rs.getString(3);
}
if(pass != null && pass.equals(passWord))
{
out.println("<html>");
out.println("<head>");
out.println("<title>Login Sucessfull</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Login Sucessfull " + request.getContextPath () + "</h1>");
out.println("<p>Welcome</p> " + userName);
out.println("</body>");
out.println("</html>");
out.close();
}
} catch (Exception e) {
out.println("<html>");
out.println("<head>");
out.println("<title>Login is not Sucessfull</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Login is not Sucessfull " + request.getContextPath () + "</h1>");
out.println("<p>Wrong Username Or Password</p> ");
out.println("</body>");
out.println("</html>");
out.close();
我将代码登录不成功页面放在Catch块中 toString for request.getParameter不是必需的 您可以将查询修改为
String sql = "SELECT <PASSWORD_CLM> FROM LOGIN WHERE USR_NAME="+userName;
while(rs.next())
{
//read the password in pass.
}
if(pass !=null && pass.equals(passWord))
{
// Code
}
不需要request.getParameter的toString 您可以将查询修改为
String sql = "SELECT <PASSWORD_CLM> FROM LOGIN WHERE USR_NAME="+userName;
while(rs.next())
{
//read the password in pass.
}
if(pass !=null && pass.equals(passWord))
{
// Code
}
我发现线路有问题:
String sql = "SELECT USR_NAME FROM LOGIN WHERE USR_NAME='userName'";
pstmt = conn.prepareStatement(sql);
ResultSet rs=pstmt.executeQuery();
String usr = null;
String pass = null;
String sql = "SELECT * from LOGIN WHERE USR_NAME="+ userName+";";
迪安我发现线路有问题:
String sql = "SELECT USR_NAME FROM LOGIN WHERE USR_NAME='userName'";
pstmt = conn.prepareStatement(sql);
ResultSet rs=pstmt.executeQuery();
String usr = null;
String pass = null;
String sql = "SELECT * from LOGIN WHERE USR_NAME="+ userName+";";
迪安不清楚你的意思是什么,如何让它发挥作用。会发生什么?什么事不会发生?至少我可以在您的代码中发现几个问题: 您正在servlet中发出HTML。您应该为此使用JSP。 您正在泄漏JDBC资源。最后你需要把它们关起来。 您没有在SQL字符串中设置输入的用户名和密码。 您不允许数据库执行比较密码的任务。将它添加到WHERE。 你正在接受这个例外。有关问题原因的所有详细信息都将丢失。您应该将其作为ServletException重新显示,或者至少记录异常类型、消息和原因。此信息非常重要,因为它可以说明问题的根本原因。你知道,一旦了解了根本原因,解决办法就显而易见了。 此外,如果您将页面更改为用户只能面对错误消息的页面,则用户体验也很糟糕。用户必须进行额外处理才能返回登录页面重新输入详细信息。而是内联错误消息重新显示同一页面 按如下所示重写doPost方法:
String userName = request.getParameter("userName");
String passWord = request.getParameter("password");
String driver = "com.mysql.jdbc.Driver";
String url = "jdbc:mysql://localhost:3306/";
String dbName = "userdb";
String user = "root";
String password = "1234";
String sql = "SELECT * FROM LOGIN WHERE USR_NAME = ? AND USR_PASS = ?"; // Not sure how the password column is named, you need to check/update it. You should leave those ? there! Those are preparedstatement placeholders.
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
boolean login = false;
try {
Class.forName(driver); // You don't need to call it EVERYTIME btw. Once during application's startup is more than enough.
connection = DriverManager.getConnection(url + dbName, user, password);
statement = connection.prepareStatement(sql);
statement.setString(1, userName);
statement.setString(2, password);
resultSet = statement.executeQuery();
login = resultSet.next();
} catch (Exception e) {
throw new ServletException("Login failed", e);
} finally {
if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
if (login) {
request.getSession().setAttribute("username", userName); // I'd prefer the User object, which you get from DAO, but ala.
response.sendRedirect("home.jsp"); // Redirect to home page.
} else {
request.setAttribute("message", "Unknown username/password, try again"); // This sets the ${message}
request.getRequestDispatcher("login.jsp").forward(request, response); // Redisplay JSP.
}
<form action="LoginPage" method="POST">
User name: <input type="text" name="userName" size="20"><br>
Password: <input type="password" name="password" size="20">
<br><br>
<input type="submit" value="Submit"> ${message}
</form>
不清楚你的意思是什么,如何让它工作。会发生什么?什么事不会发生?至少我可以在您的代码中发现几个问题: 您正在servlet中发出HTML。您应该为此使用JSP。 您正在泄漏JDBC资源。最后你需要把它们关起来。 您没有在SQL字符串中设置输入的用户名和密码。 您不允许数据库执行比较密码的任务。将它添加到WHERE。 你正在接受这个例外。有关问题原因的所有详细信息都将丢失。您应该将其作为ServletException重新显示,或者至少记录异常类型、消息和原因。此信息非常重要,因为它可以说明问题的根本原因。你知道,一旦了解了根本原因,解决办法就显而易见了。 此外,如果您将页面更改为用户只能面对错误消息的页面,则用户体验也很糟糕。用户必须进行额外处理才能返回登录页面重新输入详细信息。而是内联错误消息重新显示同一页面 按如下所示重写doPost方法:
String userName = request.getParameter("userName");
String passWord = request.getParameter("password");
String driver = "com.mysql.jdbc.Driver";
String url = "jdbc:mysql://localhost:3306/";
String dbName = "userdb";
String user = "root";
String password = "1234";
String sql = "SELECT * FROM LOGIN WHERE USR_NAME = ? AND USR_PASS = ?"; // Not sure how the password column is named, you need to check/update it. You should leave those ? there! Those are preparedstatement placeholders.
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
boolean login = false;
try {
Class.forName(driver); // You don't need to call it EVERYTIME btw. Once during application's startup is more than enough.
connection = DriverManager.getConnection(url + dbName, user, password);
statement = connection.prepareStatement(sql);
statement.setString(1, userName);
statement.setString(2, password);
resultSet = statement.executeQuery();
login = resultSet.next();
} catch (Exception e) {
throw new ServletException("Login failed", e);
} finally {
if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
if (login) {
request.getSession().setAttribute("username", userName); // I'd prefer the User object, which you get from DAO, but ala.
response.sendRedirect("home.jsp"); // Redirect to home page.
} else {
request.setAttribute("message", "Unknown username/password, try again"); // This sets the ${message}
request.getRequestDispatcher("login.jsp").forward(request, response); // Redisplay JSP.
}
<form action="LoginPage" method="POST">
User name: <input type="text" name="userName" size="20"><br>
Password: <input type="password" name="password" size="20">
<br><br>
<input type="submit" value="Submit"> ${message}
</form>
此处PASSWORD是数据库表LOGIN中包含密码的列名您确实需要在SQL语句的末尾加上分号,即使是准备好的语句。@Dean:这不是真的。仅当您希望在一个查询中传递多个语句时,才需要此选项。分号是语句分隔符。还要注意,它是否被接受取决于数据库。您确实需要将分号放在SQL语句的末尾,即使是准备好的语句。@Dean:这不是真的。仅当您希望在一个查询中传递多个语句时,才需要此选项。分号是语句分隔符。还要注意,它是否被接受取决于数据库。