【问题标题】:validate servlet验证 servlet
【发布时间】:2012-11-28 09:54:54
【问题描述】:

我正在尝试通过表单获取用户名和密码，并用存储在 MySQL 表中的用户名和密码对其进行验证。但它没有被执行……有人能告诉我哪里出了问题吗？感谢快速回复 ;-)

*package mypack;
    import java.io.IOException;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.Statement;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    /**
     * Servlet implementation class SaveServlet
     */
    public class SaveServlet extends HttpServlet {
        private static final long serialVersionUID = 1L;
        /**
         * Default constructor; performs no initialisation.
         */
        public SaveServlet() {
            // Nothing to set up.
        }
        /**
         * Reads the {@code username} and {@code password} request parameters and runs a
         * lookup against the {@code userinfo} table. Nothing is written to the response;
         * progress is only printed to standard output.
         *
         * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
         */
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            // Both values come straight from the HTTP request and are attacker-controlled.
            String u = request.getParameter("username");
            String p=request.getParameter("password");
            // NOTE(review): this writes the submitted password to the server console/log in clear text.
            System.out.println(u);
            System.out.println(p);
            String c="jdbc:mysql://localhost:3306/test";
            Connection con=null;
            try{
                Class.forName("com.mysql.jdbc.Driver").newInstance();

                // NOTE(review): database credentials are hard-coded and the application connects as root.
                con = DriverManager.getConnection(c, "root", "MyNewPass");
                // NOTE(review): the request values are concatenated into the SQL text without quotes.
                // A text value is therefore parsed as SQL (for example as an identifier) instead of as
                // a string literal, so the statement fails for ordinary input, and any input can change
                // the query (SQL injection). Calling prepareStatement on an already-concatenated string
                // gives no protection; the values have to be bound through ? placeholders.
                PreparedStatement pst=con.prepareStatement("select * from userinfo where username="+u+" and password="+p+";");
                // The same message is printed before the query, after it, and once per returned row,
                // so the console output alone cannot show which step was reached.
                System.out.println("inside resultset");
                ResultSet rs=pst.executeQuery(); 
                System.out.println("inside resultset");
                while(rs.next())
                {
                    System.out.println("inside resultset");

                }
                // NOTE(review): con, pst and rs are never closed on any path.
            }
                catch (Exception e) {
                    // NOTE(review): the exception is discarded, so the real cause (driver, connection
                    // or SQL error) is never reported; only the fixed text below reaches the console.
                    System.out.println("Failed");
                }

        }
        /**
         * Handles POST by delegating to {@link #doGet}, so both methods behave identically.
         *
         * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
         */
        protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            // Same handling as GET.
            doGet(request, response);
        }
    }*

html

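<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script type="text/javascript">
// Convenience check only: it runs in the browser and can be bypassed, so the
// servlet must still validate both fields itself.
function validate() {
    var form = document.forms["form1"];

    var x = form["username"].value;
    if (x == null || x == "") {
        alert("Fill the User Id to Login");
        return false;
    }

    var y = form["password"].value;
    if (y == null || y == "") {
        alert("Password Please");
        return false;
    }

    // Both fields are filled in: hand the form to the servlet.
    form.submit();
    return true;
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<center>
<!-- method="post" keeps the password out of the URL, the browser history and
     access logs; without it the form is submitted with GET. The servlet's doPost
     forwards to doGet, so it accepts this request unchanged. -->
<form action="SaveServlet" method="post" name="form1">username &nbsp;&nbsp;&nbsp; <input
    type="text" name="username" /> <br>
<br>
password &nbsp;&nbsp;&nbsp; <input type="password" name="password" /><br>
<br>
&nbsp;&nbsp;&nbsp; <input type="button" value="login" onclick="validate()"> &nbsp;&nbsp;&nbsp;</form>
</center>
</body>
</html>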

【问题讨论】:

  • 您是否在日志中“在结果集中”看到此消息
  • 是的兄弟...第一条消息....控制台在结果集中给出失败
  • 检查你是否从你的数据库中获得了连接对象
  • 连接已建立……在执行 SQL 查询之前一切正常……
  • 请把 System.out.println("Failed"); 改成 System.out.println("Failed because "+ e); 我想知道那个异常是什么

标签: html mysql servlets


【解决方案1】:

这将导致 SQL 注入。您需要使用带 ? 占位符的 PreparedStatement，并通过参数绑定来执行查询。

应首先进行以下更改：

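// getParameter already returns a String (null when the parameter is absent),
// so no Object variable or cast is needed.
String u = request.getParameter("username");
String p = request.getParameter("password");

// Treat a missing parameter as an empty value so later code never sees null.
if (u == null) {
    u = "";
}
if (p == null) {
    p = "";
}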

其次:

PreparedStatement pst=con.prepareStatement("select * from userinfo where username="+u+" and password="+p+";");

应替换为:

  // The SQL text is fixed; each ? marks a position whose value is supplied separately.
  PreparedStatement pst=con.prepareStatement("select * from userinfo where username=? and password=?");
// Parameter indexes are 1-based. u and p are bound as values, not concatenated into the statement text.
pst.setString(1,u);
pst.setString(2,p);

【讨论】:

  • 感谢代表...但还是一样...控制台让用户在结果集中通过失败
  • 你在日志中得到了什么?请粘贴
  • 用户在结果集中传递失败
  • 这意味着出错的位置是“ResultSet rs=pst.executeQuery();”。请在 catch 块中加入“e.printStackTrace();”，然后把堆栈跟踪贴出来
【解决方案2】:

问题在于查询语法：字符串值没有用单引号括起来。改成下面的写法可以消除语法错误；但请注意，把请求参数直接拼接进 SQL 仍然存在 SQL 注入风险，更稳妥的做法是使用 ? 占位符并通过 setString 绑定参数：

"select * from userinfo where username='"+u+"' and password='"+p+"'";

更正的 servlet...

package mypack;

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class SaveServlet
 */
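public class SaveServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** JDBC URL of the database that holds the {@code userinfo} table. */
    private static final String JDBC_URL = "jdbc:mysql://localhost:3306/test";

    /**
     * Lookup statement. The ? placeholders keep request values out of the SQL text,
     * which removes both the quoting problem and the SQL injection risk of building
     * the statement by string concatenation.
     */
    private static final String LOGIN_QUERY =
            "select * from userinfo where username=? and password=?";

    /**
     * Default constructor; performs no initialisation.
     */
    public SaveServlet() {
    }

    /**
     * Looks up the submitted {@code username}/{@code password} pair in {@code userinfo}
     * and prints whether a matching row exists. On a driver or database error the cause
     * is written to the servlet log and the client receives a plain 500 response.
     *
     * @param request  request carrying the {@code username} and {@code password} parameters
     * @param response response; only used to report a server error
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     * @throws IOException      if the error response cannot be sent
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Untrusted input. Deliberately not printed: the password must not reach console or log files.
        String u = request.getParameter("username");
        String p = request.getParameter("password");

        try {
            // Loading the class is enough to register the driver; no instance is needed.
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            log("MySQL JDBC driver not found", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        // NOTE(review): credentials are hard-coded and the connection uses the root account.
        // They should come from configuration, and the account should only be able to read userinfo.
        // try-with-resources closes the result set, statement and connection on every path.
        try (Connection con = DriverManager.getConnection(JDBC_URL, "root", "MyNewPass");
             PreparedStatement ps = con.prepareStatement(LOGIN_QUERY)) {
            System.out.println("connection done");

            // A missing parameter is bound as SQL NULL, which matches no row.
            ps.setString(1, u);
            ps.setString(2, p);

            // NOTE(review): comparing the submitted password with the stored column implies the
            // table holds clear-text passwords. Store a salted bcrypt/scrypt/argon2 hash instead
            // and verify it in code.
            try (ResultSet rs = ps.executeQuery()) {
                // Only the outcome is reported; row contents are not echoed to the console.
                System.out.println("login lookup matched: " + rs.next());
            }
        } catch (java.sql.SQLException e) {
            // Keep the cause in the server log and send the client nothing but a generic error.
            log("Login lookup failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Handles POST by delegating to {@link #doGet}, so both methods behave identically.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

}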

【讨论】:

    【解决方案3】:

    试试这个:

    package mypack;
        import java.io.IOException;
        import java.sql.Connection;
        import java.sql.DriverManager;
        import java.sql.PreparedStatement;
        import java.sql.ResultSet;
        import java.sql.Statement;
        import javax.servlet.ServletException;
        import javax.servlet.http.HttpServlet;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;
        /**
         * Servlet implementation class SaveServlet
         */
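        public class SaveServlet extends HttpServlet {
            private static final long serialVersionUID = 1L;

            /**
             * Default constructor; performs no initialisation.
             */
            public SaveServlet() {
            }

            /**
             * Checks the submitted {@code username}/{@code password} pair against the
             * {@code userinfo} table and prints whether a row matched. Driver and database
             * errors are written to the servlet log; the client only sees a generic 500.
             *
             * @param request  request carrying the {@code username} and {@code password} parameters
             * @param response response; only used to report a server error
             * @throws ServletException declared by the servlet API; not thrown by this method itself
             * @throws IOException      if the error response cannot be sent
             * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
             */
            @Override
            protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                // Request parameters are untrusted. They are not printed, because that would
                // put the clear-text password into the server console/log.
                String u = request.getParameter("username");
                String p = request.getParameter("password");

                try {
                    boolean matched = credentialsMatch(u, p);
                    System.out.println("inside resultset: matched=" + matched);
                } catch (ClassNotFoundException | java.sql.SQLException e) {
                    // Record the real cause instead of a bare "Failed"; do not expose it to the client.
                    log("Credential lookup failed", e);
                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                }
            }

            /**
             * Runs the parameterised lookup and reports whether at least one row matched.
             * All JDBC resources are closed before the method returns.
             */
            private boolean credentialsMatch(String u, String p)
                    throws ClassNotFoundException, java.sql.SQLException {
                // Loading the class registers the driver; creating an instance is unnecessary.
                Class.forName("com.mysql.jdbc.Driver");

                String c = "jdbc:mysql://localhost:3306/test";
                // The values are bound through placeholders and never become part of the SQL text.
                String sql = "select * from userinfo where username=? and password=?";

                // NOTE(review): hard-coded root credentials; load them from configuration and
                // use an account limited to reading userinfo.
                try (Connection con = DriverManager.getConnection(c, "root", "MyNewPass");
                     PreparedStatement pst = con.prepareStatement(sql)) {
                    // A null (missing) parameter is bound as SQL NULL and matches nothing.
                    pst.setString(1, u);
                    pst.setString(2, p);
                    // NOTE(review): matching on the password column implies clear-text storage;
                    // store a salted bcrypt/scrypt/argon2 hash and verify it in code instead.
                    try (ResultSet rs = pst.executeQuery()) {
                        return rs.next();
                    }
                }
            }

            /**
             * Handles POST by delegating to {@link #doGet}, so both methods behave identically.
             *
             * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
             */
            @Override
            protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                doGet(request, response);
            }
        }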
    

    【讨论】:
