又是jsp的登陆问题,百思不得起解,大家帮忙啊!!!!

geni7519 2004-12-24 10:44:01
代码:
<%@ page contentType="text/html;charset=GB2312" %>
<%@ page import="java.sql.*" %>
<HTML>
<BODY bgcolor="#008080"><Font size=4>
<%@ include file="head.txt" %>
<P>用户登录
<FORM action="log.jsp" Method="post">
<BR>用户姓名:
<BR><Input type=text name="logname">
<BR>用户密码:
<BR><Input type=password name="password">
<BR><Input type=submit name="g" value="提交">
</FORM>
<%!
public String getString(String s)
{ if(s==null) s="";
try {byte a[]=s.getBytes("ISO-8859-1");
s=new String(a);
}
catch(Exception e)
{ }
return s;
}
%>
<%
String name=request.getParameter("logname");
name=getString(name);

String password=request.getParameter("password");
password=getString(password);
//查询数据库信息,验证身份:
Connection con=null;
Statement sql=null;
ResultSet rs=null;
try{Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
}
catch(ClassNotFoundException event){}
try
{con=DriverManager.getConnection("jdbc:odbc:sun","","");
sql=con.createStatement();
String condition="SELECT * FROM member WHERE logname= "+"'"+name+"'"+"and"+" "+"password="+"'"+password+"'";//注意这里and和password之间的空格
out.print(condition);
rs =sql.executeQuery(condition);
int i=0;
while(rs.next())
{ i++;
}
if(i==1)
{
session.setAttribute("logname",logname);
session.setAttribute("password",password);

response.sendRedirect("index.jsp");
}

if(!(session.isNew()))
{ out.print("<BR>您输入的帐号或密码不正确");
}
}
catch(SQLException e1) {}
%>

</FONT>
</BODY>
</HTML>
运行代码后
out.print(condition); 这行显示 select * from member where logname='' and password=''
如带注释的那行改为:
"SELECT * FROM member WHERE logname = "+"'"+name+"'"+"and"+"password="+"'"+password+"'";
and和password之间没有空格 out.print(condition); 这行显示 select * from member where logname='song' andpassword='1111' song和1111是传进的值。
为什么会这样,有什么办法解决吗?使我能得到SQL语句的返回值.
...全文
83 点赞 收藏 3
写回复
3 条回复
huguangwu 2005年04月06日
sorry:

String condition="SELECT * FROM member WHERE logname='"+name+"' and password=‘"+password+"'";
回复 点赞
huguangwu 2005年04月06日
try this

String condition="SELECT * FROM member WHERE logname='"+name+"' and password=‘"+"password+"'";

回复 点赞
a000000 2005年04月06日
up
回复 点赞
发动态
发帖子
Web 开发
创建于2007-09-28

5.2w+

社区成员

34.1w+

社区内容

Java Web 开发
社区公告
暂无公告