1

I have found a few answers to this question on this site, but haven't been able to apply it correctly. I'm trying to take a user's input for user name and password and check it against a database to see if its correct. Everything works fine unless the username entered is not in the database. In that case the query doesn't find any rows. I'm doing this with derby in netbeans. So I think I'm just having trouble detecting when the query is sent with an unknown username. Any Suggestions?

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "MyServlet", urlPatterns ={"/echo"})
public class LoginAction extends HttpServlet {
private ResultSet resultSet;
private Connection con;

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    try {
    out.println("<!DOCTYPE html>");
    out.println("<html><head>");
    out.println("<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>");
    String userName = request.getParameter("username");
    String password = request.getParameter("password");
    if (userName.length()>0 & password.length()>0){
        try{
            String url = "jdbc:derby:c:/users/project/.netbeans-derby/";
            String db = "loginpass";
            String driver = "org.apache.derby.jdbc.EmbeddedDriver";
            String user = "user";
            String pass = "pass";
            Class.forName(driver).newInstance();
            con = DriverManager.getConnection(url+db, user, pass);
            String statement = "SELECT PASSWORD FROM LOGINPASS WHERE LOGIN = '"+userName+"'";
            PreparedStatement prepStatement = con.prepareStatement(statement);
            resultSet = prepStatement.executeQuery();

            while (resultSet.next()){
               if (resultSet.getString("password").equals(password)){
                   out.println("Login attempt successful!");
                   out.println("<br><a href='index.jsp'>Back to Login Page</a>");
               } else {
                   out.println("Password incorrect");
                   out.println("<br><a href='index.jsp'>Back to Login Page</a>");
               }
            }
            con.close();
        }catch(Exception e){
            out.println("caught...");
            e.printStackTrace();
        }
     } else {
        out.println("Login attempt failed");
        out.println("<a href='index.jsp'>Back to Login Page</a>");
     }
     } finally {
        out.close();  
     }
}

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    doGet(request, response);
}
4

3 回答 3

2

正如您期望只有一行,您可以写:

if (resultSet.next()) {
    if (resultSet.getString("password").equals(password)){
        out.println("Login attempt successful!");
        out.println("<br><a href='index.jsp'>Back to Login Page</a>");
    } else {
        out.println("Password incorrect");
        out.println("<br><a href='index.jsp'>Back to Login Page</a>");
    }
} else {
    out.println("User doesn't exist");
    out.println("<br><a href='index.jsp'>Back to Login Page</a>");
}

而且你最好使用参数来避免sql注入:

String statement = "SELECT PASSWORD FROM LOGINPASS WHERE LOGIN = ?";
PreparedStatement prepStatement = con.prepareStatement(statement);
prepStatement.setString(1, userName);
resultSet = prepStatement.executeQuery();
于 2013-07-06T20:31:58.887 回答
1

在While(resultSet.next())之前,输入if(resultSet!=null)。如果查询没有结果,resultSet将为null。

于 2013-07-06T20:28:23.547 回答
1

您可以从ResultSet对象本身进行检查。结果集#isBeforeFirst()

检索游标是否在此 ResultSet 对象的第一行之前。

注意:对于结果集类型为 TYPE_FORWARD_ONLY 的 ResultSet,对 isBeforeFirst 方法的支持是可选的

回报:

如果光标在第一行之前,则为 true;如果游标位于任何其他位置或结果集不包含任何行,则返回 false。

if (!resultSet.isBeforeFirst()) {
  out.println("no rows fetched");
  out.println("User with this password not found");
  out.println("<br><a href='index.jsp'>Back to Login Page</a>");
}
于 2013-07-06T20:25:10.227 回答