-3

I wrote a servlet whose purpose is to login into the application only if the query executes...now what is the condition to be used for invalid username and id...I'm unable to write the condition..pls help me out...the servlet is...

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
        try{
            Class.forName("oracle.jdbc.driver.OracleDriver");
            Connection con = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:orcl ","scott","tiger");
            System.out.println("cnnection est");
        int Id = Integer.parseInt(request.getParameter("id"));
        String Name=request.getParameter("firstname");
        boolean b=true;

        //Connection con =JdbcConnectionUtil.getConnection();

        PreparedStatement pst = con.prepareStatement("select * from login where id=? and firstname=?");
        pst.setInt(1, Id);
        pst.setString(2, Name);

        ResultSet rs = pst.executeQuery();
        if(rs!=null && rs.next())
        {

        //while(rs.next()){
            PrintWriter pw = response.getWriter();
            System.out.println("here");
            pw.println("hello");
            pw.println(rs.getInt(1));
            pw.println(rs.getString(2));
            pw.println(rs.getString(3));

        }
        //}
        else
        {
            RequestDispatcher rd = request.getRequestDispatcher("/LoginFailed.html");

        }
//      


        }
        catch(Exception ex){

            ex.printStackTrace();

        }
    }
4

2 回答 2

1

首先检查正确的参数,然后执行逻辑。也不要忘记关闭语句和连接以避免内存泄漏。

这是重构的代码:

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    //get parameters from request
    try {
        String idParam = request.getParameter("id");
        String name = request.getParameter("firstname");

        //check if request contains such parameters
        if (idParam == null || name == null) {
            throw new IllegalArgumentException(
                    "Id and Name parameters must not be null.");
        }

        //try casting idParam to int
        Integer id = null;
        try {
            id = Integer.parseInt(idParam);
        } catch (NumberFormatException nfe) {
            throw nfe;
        }

        PreparedStatement pst = null;
        Connection con = null;
        try {
            Class.forName("oracle.jdbc.driver.OracleDriver");
            con = DriverManager.getConnection(
                    "jdbc:oracle:thin:@localhost:1521:orcl ", "scott", "tiger");

            pst = con.prepareStatement(
                    "select * from login where id=? and firstname=?");
            pst.setInt(1, id);
            pst.setString(2, name);

            //check if result returned any data
            ResultSet rs = pst.executeQuery();
            if (!rs.next()) {
                throw new Exception(
                        "No such user for id: " + id + " and name: " + name);
            }

            PrintWriter pw = response.getWriter();
            pw.println("hello");
            pw.println(rs.getInt(1));
            pw.println(rs.getString(2));
            pw.println(rs.getString(3));

        } catch (Exception ex) {
            throw ex;
        } finally {
            try {
                if (pst != null) {
                    pst.close();
                }
                if (con != null) {
                    con.close();
                }
            } catch (SQLException sqle) {
                throw sqle;
            }
        }
    } catch (Exception ex) {
        ex.printStackTrace();
        RequestDispatcher rd = request.getRequestDispatcher("/LoginFailed.html");
        rd.forward(request, response);
    }
}

我认为这样的事情是合适的。

于 2012-05-28T12:39:49.340 回答
1

使用rd.forward将解决我认为的问题。

如何将请求从 Servlet 转发到 JSP

于 2012-05-28T12:16:08.290 回答