1、在jsp中输入以下代码
<form action="TestLoginservlet" method="post">
<pre>
用户名:<input type='text' name='userName'>
密码:<input type='password' name='userPassword'>
<input type='submit' name='sub' value="登录">
</pre>
</form>
2、在TestLoginservlet中输入以下代码
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//进行编码修正
response.setContentType("text/html;charset=UTF-8");
request.setCharacterEncoding("UTF-8");
//1、获得用户的输入
String uname = request.getParameter("userName");
String pwd = request.getParameter("userPassword");
//2、连接数据库查询
try {
Class.forName("com.mysql.jdbc.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/mymarket?characterEncoding=utf-8","root","123456");
Statement statement = connection.createStatement();
String sql = "select * from mymarket where userName='"+uname+"' and userPassword='"+pwd+"'";
ResultSet resultSet = statement.executeQuery(sql);
//3、处理结果
if(resultSet.next()) {
response.getWriter().println("<script>alert('登录成功')</script>");
}else {
response.getWriter().println("用户名或密码出错");
}
resultSet.close();
connection.close();
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
3、由于sql注入有可能对安全性造成破坏,因此在sql语句中不直接使用用户名和密码字符串拼接的形式,而是采用以下方式
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
//response.getWriter().append("Served at: ").append(request.getContextPath());
response.setContentType("text/html;charset=UTF-8");
request.setCharacterEncoding("UTF-8");
//1、获得用户的输入
String uname = request.getParameter("userName");
String pwd = request.getParameter("userPassword");
//2、连接数据库查询
try {
Class.forName("com.mysql.jdbc.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/数据表名?characterEncoding=utf-8","数据库用户名","密码");
//防止sql注入
String sql = "select * from mymarket where userName=? and userPassword=?";
//预定义语句命令对象
PreparedStatement pstatement = connection.prepareStatement(sql);
pstatement.setString(1,uname);
pstatement.setString(2,pwd);
ResultSet resultSet = pstatement.executeQuery();
//3、处理结果
if(resultSet.next()) {
//response.getWriter().println("登录成功");
response.getWriter().println("<script>alert('登录成功')</script>");
}else {
response.getWriter().println("用户名或密码出错");
}
resultSet.close();
connection.close();
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
网友评论