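This table is the one I want to display. This is the clients (system users) table. How can I separate the database content according to the logged-in user, so that each user can only see his own content? I'm not sure whether you need the actual tables from MySql; if so, I will edit them in.

Login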

<%@ page language="java" import="java.sql.*" import="java.text.*" errorPage="" %>
<%

Connection conn = null;
Class.forName("com.mysql.jdbc.Driver").newInstance();
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/database", "root", "root");

ResultSet rsLoginFunction = null;
PreparedStatement psLoginFunction=null;

String sUserID=request.getParameter("username");
String sPassword=request.getParameter("password");
String message="User login successfully ";

try{
String sql ="Select * from clients where username=? and password=?";

psLoginFunction=conn.prepareStatement(sql);
psLoginFunction.setString(1,sUserID);
psLoginFunction.setString(2,sPassword);

rsLoginFunction=psLoginFunction.executeQuery();

if(rsLoginFunction.next())
{
  String username=rsLoginFunction.getString("Email")+"     "+rsLoginFunction.getString("clientID");

  session.setAttribute("Username",rsLoginFunction.getString("username"));
  session.setAttribute("Email",rsLoginFunction.getString("Email"));

 // session.setAttribute("iUserLevel",rsLoginFunction.getString("iUserLevel"));
 // session.setAttribute("sUserName",sUserName);

  response.sendRedirect("view_menu.jsp?error="+message);
}
else
{
  message="No user or password matched" ;
  response.sendRedirect("Login.jsp?error="+message);
}
}
catch(Exception e)
{
    e.printStackTrace();
}


/// close object and connection
try{
     if(psLoginFunction!=null){
         psLoginFunction.close();
     }
     if(rsLoginFunction!=null){
         rsLoginFunction.close();
     }

     if(conn!=null){
      conn.close();
     }
}
catch(Exception e)
{
    e.printStackTrace();
}

%>

View, but not separated

    <%@ include file="include/commonStrings.jsp"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script type="text/javascript">
function del() {
    if (confirm("Do You Want to Delete this Menu?")) {
    } else {
        return false;
    }
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link rel="stylesheet" href="images/style.css" type="text/css"
charset="utf-8" />
</head>
<body>
<%
    menu_slno1 = request.getParameter("menu_slno");
    if (menu_slno1 != null)
        menu_slno = Integer.parseInt(menu_slno1);
    delete_menu = request.getParameter("delete_menu");


    if ("yes".equals(delete_menu)) {
        MenuId = request.getParameter("MenuId");
        x = stmt1
                .executeUpdate("Delete from menu where MenuId="
                        + MenuId);
    }
%>


<h2>VIEW MENUS</h2>

<table width="736" height="97" border="1">
    <%
        if (x == 1) {
    %>
    <tr bgcolor="#000000">
        <th height="35" colspan="9"><div align="center">
                Menu (<%=MenuId%>) deleted successfully
            </div></th>
    </tr>
    <%
        }
    %>
    <tr bgcolor="#089937">
                        </div></td>
        <td><div align="center">
                <strong>MENU ID </strong>
            </div></td>
        <td><div align="center">
                <strong>MENU NAME </strong>
            </div></td>
        <td><div align="center">
                <strong>MENU INFO </strong>
            </div></td>
        <td><div align="center">
                <strong>MENU PRICE </strong>
            </div></td>
        <td><div align="center">
                <strong>MODIFY </strong>
            </div></td>
        <td colspan="2"><div align="center">
                <strong>DELETE</strong>
            </div></td>
    </tr>
    <%
        int icount = 0;

//here I only know how to display the whole table
        rs = stmt.executeQuery("select * from menu");
        while (rs.next()) {
            //menu_slno = rs.getInt("menu_slno");
            MenuId = rs.getString("MenuId");
    %>
    <tr>
        <td><div align="center"><%=++icount%></div></td>

        <td><%=rs.getString("Name")%></td>
        <td><%=rs.getString("Info")%></td>
        <td><%=rs.getDouble("Price")%></td>

        <td><div align="center">
                <a href="edit_menu.jsp?MenuId=<%=MenuId%>">Edit</a>
            </div></td>
        <td><div align="center">
                <a
                    href="view_menu.jsp?delete_menu=yes&MenuId=<%=MenuId%>"
                    onclick="return del()">Delete</a>
            </div></td>
    </tr>
    <%
        }
    %>
</table>
<a href="add_menu.jsp">Add Menu</a>

</body>
</html>
1 Answer

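First, create an additional field in the database called role, which stores the permission. That means if the user has the admin role he can access everything; otherwise he will have some restrictions.

Then you can easily check it before displaying the output to the user. Let me know if you need more help.

Edit

You can use the following code after adding a third column to the table: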

String role = rsLoginFunction.getString("role");
if(role.equalsIgnoreCase("admin"))
{
    //show the contents with full functionality.
    //like Delete, Edit, Add option
}
else
{
    //show the contents with limited access
    //like Allow user to only see the data, not allow him to modify
}

Edit:

You can do this with an SQL query, for example:

select * from menu where login.username=menu.username

So it will show you the records related to that particular user.

Edit:

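String s = (String) session.getAttribute("Username"); // set at login; a request parameter can be changed by the client
String query = "select * from menu where menu.username = ?"; // bind s with PreparedStatement.setString(1, s)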

Then execute this query, and it will give you the desired result...

Answered 2013-01-07T15:29:21.027
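
The per-user filtering the answer describes, as an added example that is not part of the original question or answer: a hypothetical `MenuDao` helper that scopes both the listing and the delete in view_menu.jsp to the logged-in user with bound parameters. It assumes `menu` has a `username` column naming the owner of each row and a numeric `MenuId`; the owner passed in should be the `Username` value stored in the session at login, not a request parameter.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: every menu query is scoped to the logged-in owner. */
public class MenuDao {
    private final Connection conn;

    public MenuDao(Connection conn) { this.conn = conn; }

    /** Rows owned by one user. Pass (String) session.getAttribute("Username"). */
    public List<String[]> listForUser(String owner) throws SQLException {
        // Assumption: menu.username identifies the owner of each row.
        String sql = "SELECT MenuId, Name, Info, Price FROM menu WHERE username = ?";
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, owner);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] { rs.getString("MenuId"), rs.getString("Name"),
                            rs.getString("Info"), rs.getString("Price") });
                }
            }
        }
        return rows;
    }

    /** Deletes a row only if it belongs to owner; true when a row was removed. */
    public boolean deleteForUser(String owner, String menuId) throws SQLException {
        // Assumption: MenuId is numeric. parseInt throws NumberFormatException
        // on anything else, and the value is bound, never concatenated.
        int id = Integer.parseInt(menuId.trim());
        // The owner predicate means changing MenuId in the URL cannot reach
        // a row that belongs to a different user.
        String sql = "DELETE FROM menu WHERE MenuId = ? AND username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, id);
            ps.setString(2, owner);
            return ps.executeUpdate() == 1;
        }
    }
}
```

The same owner predicate belongs in edit_menu.jsp, since hiding rows in the listing does not restrict requests that name a MenuId directly.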