【发布时间】:2014-09-03 20:20:09
【问题描述】:
我有一个名为 apt1.java 的用户定义包,我将它导入一个名为 aptservlet1.java 的 servlet。它运行正确,但仅返回与正确参数无关的错误值。如果我通过简单的 java 程序(在命令提示符中有输出)使用这个包,那么它会给出正确的答案。
请回答这个问题.. 接下来是我的程序..
aptservlet1.java:
import java.io.IOException;
import java.io.PrintWriter;
public class aptservlet1 extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException {
boolean correct;
res.setContentType("text/html");
PrintWriter out = res.getWriter();
String user, pass;
user = req.getParameter("user");
pass = req.getParameter("pass");
apt1 o1 = new apt1();
correct = o1.confirmadmin(user, pass);
out.println("value of correct=" + correct);
ServletContext sc = this.getServletContext();
if (correct) {
out.println("correct");
}
if (correct) {
out.println("incorret");
}
}
}
apt1.java:
public class apt1 {
String url = "jdbc:mysql://localhost/" + "aptitude";
public apt1() {
try {
Class.forName("con.mysql.jdbc.Driver");
} catch (ClassNotFoundException ce) {
}
}
public boolean confirmadmin(String user, String pass) {
boolean c = false;
try {
String url = "jdbc:mysql://localhost/" + "aptitude";
Connection con = DriverManager.getConnection(url, "root", "");
Statement s = con.createStatement();
ResultSet rs = s
.executeQuery("select a_pass from admin_database where a_user='"
+ user + "'");
rs.next();
String s1 = rs.getString(1);
int k = s1.compareTo(pass);
if (k == 0) {
c = true;
} else {
c = false;
}
} catch (SQLException se) {
}
return c;
}
}
【问题讨论】:
-
你可以考虑用
return s1.equals(pass);替换int k=s1.compareTo(pass);和下面的if/else-block。 -
你做错了。您应该搜索与该用户 和密码匹配的行, 并测试是否存在。让数据库进行比较。还应该对密码进行哈希处理,数据库可以再次为您执行此操作。
标签: java servlets import return package