
这是代码:

 // Loads every (emp_id, password) row of regid; the submitted credentials are
 // compared in Java below rather than being passed to the database as parameters.
 String sql_1 = "select emp_id,password from regid";
    ResultSet rs = st.executeQuery(sql_1);

    // The if/else below runs once per row, so every non-matching row takes the
    // else branch (status 400 and the "4>" line) even when another row matches.
    while(rs.next())
    {

    // Plain string equality against the value read from the password column.
    if(((employee.equals(rs.getString("emp_id"))) && (password.equals(rs.getString("password"))))==true)
    {

    // NOTE(review): if this update is re-enabled, it builds SQL by concatenating
    // `employee` into the statement text; bind the values through a PreparedStatement.
//      String sql2="update regid set regid='"+Datastore.regIds.add(regId)+"' where emp_id='"+employee+"'";
//      st.executeUpdate(sql2);
        // NOTE(review): this line writes the submitted password to standard output.
        System.out.println("2> Employee Id : "+employee+" && Password : "+password);
        System.out.println("3> This employee "+employee+" exsists in the database and registration-password id will be Updated");

    //  resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.print("<html><body>");
        out.print("<head>");
        out.print("<title>Policy Page</title>");
        out.print("<link rel='icon' href='../images/favicon.png'/>");
        out.print("</head>");
        // NOTE(review): `status` is written into the page without HTML escaping;
        // escape it if the attribute can ever carry request-derived text.
        String status = (String) req.getAttribute(ATTRIBUTE_STATUS);
        if (status != null)
        {
          out.print("Status :"+status);
        }
        List<String> devices = Datastore.getDevices();
        if (devices.isEmpty())
        {
          out.print("<h2>No  devices registered!</h2>");
        } 
        else
        {

         out.print("<h2>" + devices.size() + " device(s) registered!</h2>");
         out.print("<form name='form' method='POST' action='sendAll'>");
         out.print("<input type='text' name='policy'>");
         resp.setStatus(HttpServletResponse.SC_OK);
         out.print("<input type='submit' value='Apply Policy'>");
         out.print("</form>");
//       System.out.println(HTTP_STATUS);
         System.out.println(HttpServletResponse.SC_OK);
         // NOTE(review): the request is forwarded after page content has already been
         // written through `out`, and both this branch and the loop keep running
         // afterwards. RequestDispatcher.forward() throws IllegalStateException once
         // the response is committed, which is a likely source of the reported
         // exception; confirm against the stack trace.
         getServletContext().getRequestDispatcher("/home").forward(req, resp);

        }
        out.print("</body></html>");
        resp.setStatus(HttpServletResponse.SC_OK);

    }

    else {
        // Reached for each row that does not match, not only when no row matches.
        resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        System.out.println(HttpServletResponse.SC_BAD_REQUEST);
        System.out.println("4> This employee "+employee+" does not exsist in the database");            
    }

    }

    // rs is not closed in the visible code; the close() call below is commented out.
//    rs.close();
    }   

但是我得到了如下输出,尽管我输入了正确的 emp_id 和密码(仍然显示 4>,并且还抛出了 java.lang.IllegalStateException,不知道为什么??:():

1> Employee : P1 && Password : ppp
400
4> This employee P1 does not exsist in the database
2> Employee Id : P1 && Password : ppp
3> This employee P1 exsists in the database and registration-password id will be Updated
400
4> This employee P1 does not exsist in the database

任何想法.....为什么会这样?


2 回答 2


发生这种情况是因为您的算法包括:

  1. 遍历所有员工
  2. 如果员工匹配 ID/密码,则打印 2>,否则打印 4>

因此,匹配的那一行会输出 2>、3>,而其他所有行都会输出错误 400。

相反,您可以遍历所有员工(不过最好在 SQL 中添加条件,按员工 ID 和密码缩小结果集的范围),并且只有在遍历完所有结果仍未找到匹配项时才输出错误。

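// Look the employee up with a parameterized query so the database does the
// filtering: at most the matching row comes back, and a single if/else decides
// between the success page and the 400 response.
// PreparedStatement is an interface and cannot be created with `new`; the
// statement is prepared on the connection of `st`, the Statement already used
// by the question's snippet.
PreparedStatement stmt = null;
ResultSet rs = null;
try {
    // Table name as in the question's query (regid). Only emp_id is selected;
    // the password column never has to leave the database.
    // NOTE(review): this still matches against a plain-text password column.
    // Store a salted password hash (bcrypt, scrypt or Argon2) instead and
    // verify the submitted password against that hash.
    stmt = st.getConnection().prepareStatement(
            "select emp_id from regid where emp_id=? and password=?");
    stmt.setString(1, employee);
    stmt.setString(2, password);

    rs = stmt.executeQuery();
    if(rs.next()) {
        // The submitted password is deliberately kept out of the log output.
        System.out.println("2> Employee Id : "+employee);
        System.out.println("3> This employee "+employee+" exsists in the database and registration-password id will be Updated");
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.print("<html><body>");
        out.print("<head>");
        out.print("<title>Policy Page</title>");
        out.print("<link rel='icon' href='../images/favicon.png'/>");
        out.print("</head>");
        // NOTE(review): `status` is written into the page without HTML escaping;
        // escape it if the attribute can ever carry request-derived text.
        String status = (String) req.getAttribute(ATTRIBUTE_STATUS);
        if (status != null)
        {
          out.print("Status :"+status);
        }
        List<String> devices = Datastore.getDevices();
        if (devices.isEmpty())
        {
          out.print("<h2>No  devices registered!</h2>");
        }
        else
        {

         out.print("<h2>" + devices.size() + " device(s) registered!</h2>");
         out.print("<form name='form' method='POST' action='sendAll'>");
         out.print("<input type='text' name='policy'>");
         resp.setStatus(HttpServletResponse.SC_OK);
         out.print("<input type='submit' value='Apply Policy'>");
         out.print("</form>");
//       System.out.println(HTTP_STATUS);
         System.out.println(HttpServletResponse.SC_OK);
         // NOTE(review): forwarding after content has been written through `out`
         // is kept from the original. RequestDispatcher.forward() throws
         // IllegalStateException once the response is committed, so decide whether
         // this branch should render the form or forward, not both.
         getServletContext().getRequestDispatcher("/home").forward(req, resp);

        }
        out.print("</body></html>");
        resp.setStatus(HttpServletResponse.SC_OK);

    }

    else {
        // No row matched the supplied emp_id/password pair.
        resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        System.out.println(HttpServletResponse.SC_BAD_REQUEST);
        System.out.println("4> This employee "+employee+" does not exsist in the database");
    }
}
catch(Exception e) {
    // NOTE(review): a failure here leaves the response status untouched; the
    // caller should not be able to mistake a database error for a successful login.
    e.printStackTrace();
}
finally {
    // stmt and rs stay null when preparing or executing the statement fails,
    // so each is checked before closing.
    try {
        if (rs != null) {
            rs.close();
        }
    } catch(Exception x) {
        x.printStackTrace();
    }
    try {
        if (stmt != null) {
            stmt.close();
        }
    } catch(Exception x) {
        x.printStackTrace();
    }
}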
于 2012-09-27T13:44:01.003 回答

你的缩进对你没有帮助。您正在遍历所有员工,并比较他们每个人的用户名和密码 - 所以有时您会得到匹配,有时您不会。

此代码存在多个问题:

  • 如果您只寻找一个结果,请不要向数据库询问所有行!您应该传递查询参数并在数据库中进行过滤。然后,您可以通过查看结果中是否有任何行来确定是否匹配。
  • 你的缩进让你很难看到发生了什么
  • 您正在使用大量不必要的括号和比较true,例如

    if(((employee.equals(rs.getString("emp_id"))) && (password.equals(rs.getString("password"))))==true)
    

    会更好

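    // Each equals(...) call is closed before the && so the two checks stay separate.
    if (employee.equals(rs.getString("emp_id")) &&
        password.equals(rs.getString("password")))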
    
  • 您似乎使用的是明文密码。不要这样做:数据库中应只保存用专门的密码哈希算法(如 bcrypt、scrypt 或 Argon2)生成的加盐哈希,登录时对提交的密码做同样的计算后再比较,并且不要把密码写入日志。

于 2012-09-27T13:46:01.393 回答