关于防盗链的问题。
login.jsp
<%@ page language="java" import="java.sql.*,javax.sql.*,com.admin.*"
pageEncoding="gbk"%>
<jsp:useBean id="useradmin" class="com.admin.dao.Unitsdao" scope="session"></jsp:useBean>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
String type = null;
String sql = "select * from admin where username='" + username
+ "' and password='" + password + "'";
ResultSet rs = null;
rs = useradmin.executeQuery(sql);
if (rs.next()) {
type = rs.getString("type");
if (type.equals("manager")) {
session.setAttribute("username",username);
session.setAttribute("type",type);
response.sendRedirect("../CarInfo/Viewcarinfo.jsp");
} else if (type.equals("user")) {
session.setAttribute("username",username);
session.setAttribute("type",type);
response.sendRedirect("../CarInfo/Viewcarinfo.jsp");
}
} else {
out.print("<script>alert('密码或者用户名错误!请重新登录!');</script>");
response.sendRedirect("index.html");
}
%>
<html>
<head>
</head>
<body>
</body>
</html>
//防盗链
<%
String username=(String)session.getAttribute("username");
String type=(String)session.getAttribute("type").toString();
if(username==null){
response.sendRedirect("index.html");
}else{
out.print("你好,"+username+"欢迎登陆");
}
%>
为什么我不输入账号密码进去报空异常!!!!!
开始没做权限的时候,不输入账号密码点击其他页面都返回主页,而现在却直接报错