52,797
社区成员
发帖
与我相关
我的任务
分享请教关于多个ajax请求同一个servlet的安全性问题
我做的是一个下拉框,要求第一次点击去数据库查最新的,然后我是通过ajax请求同一个servlet,得到的,用户量方面过万人可能同时使用,就是保险公司打电话的人用,上万人同时用就很多了,下面代码是js到servlet,然后到一个java文件里,我想知道我现在这样做会不会导致这个人下拉框查出来的数据显示到别人的下拉框里面,这是绝对不容许的,我想要百分百的安全性,最好效率上也能稍微考虑下,一个下拉框等太久不好吧,我对ajax懂的比较少,只是会用,async:false这个同步属性是百度我加上去的,不知道有没有用,各位大神们,帮帮忙,非常感谢
---------------------------------------------------------------
-------------------------------------------------------------------
-------------------------
---------------------------------
---------------------------------------------------------------
//obj:当前对象、固定值this; sqlFlag:对应CodeSelectBL中的sql; paramSQL:where后面拼接的查询条件
function selectCodeList(obj, sqlFlag, paramSQL) {
$.ajax({url:"../servlet/CodeSelectServlet",
datatype:"json",
async:false,
type:"post",
data:{"sqlFlag":sqlFlag, "paramSQL":paramSQL},
success:function (jsonStr) {
var jsonobj = eval("(" + jsonStr + ")");
var data = jsonobj["datas"];
var codemap = data["0"]["0"];
for (var key in codemap) {
var s = codemap[key];
obj.append("<li><i>" + key + "</i><span>" + s + "</span></li>");
//当li数量过多给Ul加滚动条
var $HselectUlHeight = obj.height();
console.log('高度'+$HselectUlHeight);
if($HselectUlHeight > 125){
$(selector).find('.HselectUl').css({
'height':'125px',
'overflow': 'scroll',
'overflow-y': 'scroll'
});
}
}
}, error:function () {
alert("error!");
}});
}-------------------------------------------------------------------
/**
* 下拉框查询
*
* @author YanJianZhe
*/
public class CodeSelectServlet extends BaseServlet {
@Override
public void setQuerySql() {
// TODO Auto-generated method stub
}
@Override
public void setSearchConditions(HttpServletRequest request,
HttpServletResponse response) {
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.addHeader("Access-Control-Allow-Origin", "*");
PrintWriter out = response.getWriter();
String sqlFlag = (String) request.getParameter("sqlFlag");
String paramSQL = (String) request.getParameter("paramSQL");
CodeSelectBL codeSelectBl = new CodeSelectBL();
// 返回json
String jsonStr = codeSelectBl.codeSelects(sqlFlag, paramSQL);
System.out.println("下拉列表前台flag=======" + sqlFlag);
System.out.println("下拉列表返回到前台的json=======" + jsonStr);
out.write(jsonStr);
out.close();
}
}-------------------------
public class CodeSelectBL {
// 执行sql语句类
private ExeSQL tExeSQL = new ExeSQL();
/** 存储查询语句 */
private String mSQL = "";
private StringBuffer mSBql = new StringBuffer(256);
/** 存储全局变量 */
private GlobalInput mGlobalInput = new GlobalInput();
/** 业务处理相关变量 */
private LDCodeSchema mLDCodeSchema = new LDCodeSchema();
/** 存储查询条件 */
private String mCodeCondition = "";
private String mConditionField = "";
/** 系统日期*/
private String mCurrentDate = PubFun.getCurrentDate();
private String mCurrentTime = PubFun.getCurrentTime();
public String codeSelects(String sqlFlag,String paramSQL) {
mLDCodeSchema.setCodeType(sqlFlag);
String result = "success";
String message = "成功!";
String jsonStr = "";
String data = "";
String codeId = "";
String codeName = "";
Map codeMap = new HashMap();
List jqueryList = new ArrayList();
mCodeCondition = paramSQL;
//mConditionField = conditionField;
//System.out.println(objCondition+"---"+conditionField);
String codesql = getCodeSql();
SSRS ssrs = new SSRS();
ssrs = tExeSQL.execSQL(codesql);
if (ssrs != null && ssrs.getMaxRow() > 0) {
for (int i = 1; i <= ssrs.getMaxRow(); i++) {
codeId = ssrs.GetText(i, 1);
codeName = ssrs.GetText(i, 2);
codeMap.put(codeId, codeName);
}
} else {
result = "fail";
message = "查询下拉列表失败!";
}
String jsonStr4 = "{\"codeMap\":\"" + codeMap + "\"}";
data += jsonStr4;
jqueryList.add(codeMap); // 拼装jqyery的json
JSONArray jsonArraytemp = new JSONArray();
jsonArraytemp = JSONArray.fromObject(jqueryList);
// 返回前台页面json数据
jsonStr = "{\"result\":\"" + result + "\",\"message\":\"" + message
+ "\",\"datas\":[" + jsonArraytemp + "]}";
return jsonStr;
}
}---------------------------------
<servlet>
<servlet-name>CodeSelectServlet</servlet-name>
<servlet-class>com.sinosoft.servlet.selected.CodeSelectServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CodeSelectServlet</servlet-name>
<url-pattern>/servlet/CodeSelectServlet</url-pattern>
</servlet-mapping>
...全文
请发表友善的回复…
发表回复
qq_25914321 2017-03-21
- 打赏
- 举报
啊啊啊啊啊啊
