又是jsp的登陆问题,百思不得起解,大家帮忙啊!!!!
代码:
<%@ page contentType="text/html;charset=GB2312" %>
<%@ page import="java.sql.*" %>
<HTML>
<BODY bgcolor="#008080"><Font size=4>
<%@ include file="head.txt" %>
<P>用户登录
<FORM action="log.jsp" Method="post">
<BR>用户姓名:
<BR><Input type=text name="logname">
<BR>用户密码:
<BR><Input type=password name="password">
<BR><Input type=submit name="g" value="提交">
</FORM>
<%!
public String getString(String s)
{ if(s==null) s="";
try {byte a[]=s.getBytes("ISO-8859-1");
s=new String(a);
}
catch(Exception e)
{ }
return s;
}
%>
<%
String name=request.getParameter("logname");
name=getString(name);
String password=request.getParameter("password");
password=getString(password);
//查询数据库信息,验证身份:
Connection con=null;
Statement sql=null;
ResultSet rs=null;
try{Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
}
catch(ClassNotFoundException event){}
try
{con=DriverManager.getConnection("jdbc:odbc:sun","","");
sql=con.createStatement();
String condition="SELECT * FROM member WHERE logname= "+"'"+name+"'"+"and"+" "+"password="+"'"+password+"'";//注意这里and和password之间的空格
out.print(condition);
rs =sql.executeQuery(condition);
int i=0;
while(rs.next())
{ i++;
}
if(i==1)
{
session.setAttribute("logname",logname);
session.setAttribute("password",password);
response.sendRedirect("index.jsp");
}
if(!(session.isNew()))
{ out.print("<BR>您输入的帐号或密码不正确");
}
}
catch(SQLException e1) {}
%>
</FONT>
</BODY>
</HTML>
运行代码后
out.print(condition); 这行显示 select * from member where logname='' and password=''
如带注释的那行改为:
"SELECT * FROM member WHERE logname = "+"'"+name+"'"+"and"+"password="+"'"+password+"'";
and和password之间没有空格 out.print(condition); 这行显示 select * from member where logname='song' andpassword='1111' song和1111是传进的值。
为什么会这样,有什么办法解决吗?使我能得到SQL语句的返回值.