Java 通过while(rs.next())不处理所需输出
我正在处理以下代码,以从servlet解析登录凭据Java 通过while(rs.next())不处理所需输出,java,sql,jdbc,Java,Sql,Jdbc,我正在处理以下代码,以从servlet解析登录凭据 import java.io.IOException; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import javax.servlet.ServletException; impor
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.swing.JOptionPane;
@WebServlet("/login")
public class oneServlet extends HttpServlet {
public static Connection getConnection() throws Exception {
String driver = "org.postgresql.Driver";
String url = "jdbc:postgresql://10.1.11.112:5432/pack";
String username = "pack";
String password = "pack";
Class.forName(driver);
Connection conn = DriverManager.getConnection(url, username, password);
return conn;
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String user=request.getParameter("t1");
String pass=request.getParameter("t2");
System.out.println("done 1");
Connection conn = null;
PreparedStatement pstmt = null;
System.out.println("done 2");
try {
conn = getConnection();
String queryTest = "select username,password from login ";
pstmt = conn.prepareStatement(queryTest);
System.out.println("done 3");
ResultSet rs = pstmt.executeQuery();
System.out.println("done4");
while (rs.next()) {
System.out.println("done5");
String username=rs.getString(1);
String password=rs.getString(2);
if(user.equals(username) && pass.equals(password))
{
response.sendRedirect("LoginSuccess.jsp");
return;
}
else
{
JOptionPane.showMessageDialog(null, "retry");
}
}
}
catch (Exception e) {
e.printStackTrace();
}
finally {
try {
pstmt.close();
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
我面临的问题是,“while(rs.next())”正在迭代并显示表中每个可用用户名的输出,但我需要它只显示一次,或者重定向,或者重试。如有任何建议,我们将不胜感激
while (rs.next()) {
System.out.println("done5");
String username=rs.getString(1);
String password=rs.getString(2);
if(user.equals(username) && pass.equals(password))
{
response.sendRedirect("LoginSuccess.jsp");
return;
}
else
{
JOptionPane.showMessageDialog(null, "retry");
}
break;
}
这不是一个正确的实现,但应该可以解决您的问题。进行查询,以便只选择具有正确用户名和密码的结果:
String queryTest = "select username,password from login where username=? and password=?";
PreparedStatement pstmt = conn.prepareStatement(queryTest);
pstmt.setString(1, user);
pstmt.setString(2, pass);
您正在运行的查询不是针对您正在为每个用户查询的任何特定用户。我想你忘记在查询中添加用户名和密码了 但是,如果您需要迭代一次,则将while替换为只迭代一次
if (rs.Next){
//your code
}
将您的查询更改为
String queryTest = "select username,password from login where username = ?";
pstmt = conn.prepareStatement(queryTest);
pstmt.setString(1,user);
更新:
更好的解决方案是不从数据库中获取密码(因为安全问题),而只获取所需的数据。您不必要地将整个数据库表复制到Java内存中,而不是编写SQL查询,以便数据库准确地返回您要查找的行,这样,如果(resultSet.next()),您就可以侥幸逃脱
使用SQLWHERE
子句
String query = "select username from login where username=? and password=?";
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
try {
connection = getConnection();
statement = connection.prepareStatement(query);
statement.setString(1, user);
statement.setString(2, pass);
resultSet = statement.executeQuery();
if (resultSet.next()) {
response.sendRedirect("LoginSuccess.jsp");
} else {
request.setAttribute("message", "retry");
}
} catch (SQLException e) {
throw new ServletException("DB interaction failed", e);
} finally {
if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
注意,我还修复了显示消息的疯狂方式,并修复了异常处理和关闭DB资源的问题。JOptionPane
只会将消息显示在Web服务器的屏幕上,而不会显示在Web浏览器的屏幕上,这当然会在实际生产环境中失败,因为它们不是在同一台机器上运行的。我强烈建议你去。该站点充斥着代码中暴露的错误做法
另见:
- -包含带有验证的Hello World示例
但是。。。您在查询中显式选择数据库中的每个用户名和密码组合。你还期待什么结果呢?所以,如果第一个检索到的用户不是正确的,那就放弃吧=p请不要建议在构造他的SQL语句时使用字符串连接,因为他已经开始正确地使用准备好的语句。没错,我更正了:)(我想保持简短,但你是对的,它不能是c/p!)将值串接到查询中是不可取的,这会导致SQL注入,请使用带有参数占位符的准备好的语句,而不要使用。谢谢您的建议。然后使用准备好的语句,查询可以写成字符串queryTest=“selectusername,passwordfromslogin,其中username=?”;pstmt=连接准备状态(查询测试);pstmt.setString(1,用户);