1

我正在处理以下代码以从 servlet 解析登录凭据。

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.swing.JOptionPane;

@WebServlet("/login")
public class oneServlet extends HttpServlet {

public static Connection getConnection() throws Exception {

    String driver = "org.postgresql.Driver";
    String url = "jdbc:postgresql://10.1.11.112:5432/pack";
    String username = "pack";
    String password = "pack";
    Class.forName(driver);
    Connection conn = DriverManager.getConnection(url, username, password);
    return conn;
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    String user=request.getParameter("t1");
    String pass=request.getParameter("t2");

    System.out.println("done 1");

    Connection conn = null;
    PreparedStatement pstmt = null;

    System.out.println("done 2");

    try {
         conn = getConnection();
         String queryTest = "select username,password from login ";
         pstmt = conn.prepareStatement(queryTest);

         System.out.println("done 3");

         ResultSet rs = pstmt.executeQuery();

         System.out.println("done4");

         while (rs.next()) {

         System.out.println("done5");    

         String username=rs.getString(1);
         String password=rs.getString(2);    

         if(user.equals(username) && pass.equals(password))
         {
             response.sendRedirect("LoginSuccess.jsp");
             return;

         }  
         else
         {
            JOptionPane.showMessageDialog(null, "retry");
         }
         }
         }

     catch (Exception e) {
        e.printStackTrace();
    }

    finally {
        try {
            pstmt.close();
            conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
}

我面临的问题是“while(rs.next())”正在迭代并显示表中每个可用用户名的输出,但我需要它只显示一次,重定向或重试。任何建议表示赞赏。

4

5 回答 5

4

您不必要地将整个 DB 表复制到 Java 的内存中,而不是以 DB准确返回您正在查找的行的方式编写 SQL 查询,这样您就可以摆脱if (resultSet.next()).

使用 SQLWHERE子句。

String query = "select username from login where username=? and password=?";
Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;

try {
    connection = getConnection();
    statement = connection.prepareStatement(query);
    statement.setString(1, user);
    statement.setString(2, pass);
    resultSet = statement.executeQuery();

    if (resultSet.next()) {
        response.sendRedirect("LoginSuccess.jsp");
    } else {
        request.setAttribute("message", "retry");
    }
} catch (SQLException e) {
    throw new ServletException("DB interaction failed", e);
} finally {
    if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
    if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
    if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}

请注意,我还修复了显示消息的疯狂方式,并修复了异常处理和数据库资源的关闭。只会将JOptionPane消息显示到网络服务器的屏幕,而不是网络浏览器的屏幕,当它们不在同一台机器上运行时,这在实际生产环境中当然会失败。我强烈建议停止阅读 roseindia.net 教程。该网站充斥着不良做法,例如您的代码中所公开的。

也可以看看:

于 2013-02-08T13:01:16.030 回答
1

将您的查询更改为

String queryTest = "select username,password from login where username = ?";
pstmt = conn.prepareStatement(queryTest); 
pstmt.setString(1,user);

更新:更好的解决方案是不从您的数据库中获取密码(出于安全问题),而只获取所需的数据。

于 2013-02-08T13:00:14.937 回答
0

您正在运行的查询不适用于您为每个用户查询的任何特定用户。我想你忘了在查询中添加用户名和密码。

虽然如果这是您需要迭代一次的要求,请将 while 替换为 if 仅迭代一次

if (rs.Next){

       //your code

}
于 2013-02-08T12:59:57.570 回答
-1 
while (rs.next()) {

     System.out.println("done5");    

     String username=rs.getString(1);
     String password=rs.getString(2);    

     if(user.equals(username) && pass.equals(password))
     {
         response.sendRedirect("LoginSuccess.jsp");
         return;

     }  
     else
     {
        JOptionPane.showMessageDialog(null, "retry");
     }
break;
     }

这不是一个正确的实现,但应该可以解决您的问题。

于 2013-02-08T12:56:43.123 回答
-1

进行查询,以便仅选择具有正确用户名和密码的结果:

String queryTest = "select username,password from login where username=? and password=?";
PreparedStatement pstmt = conn.prepareStatement(queryTest);
pstmt.setString(1, user);    
pstmt.setString(2, pass);
于 2013-02-08T12:58:01.233 回答