gpt4 book ai didi

java - 如果sql查询什么也找不到怎么处理?在java中使用结果集

转载 作者:行者123 更新时间:2023-11-29 05:41:13 24 4
gpt4 key购买 nike

我已经在这个网站上找到了这个问题的一些答案,但未能正确应用。我正在尝试获取用户输入的用户名和密码,并根据数据库检查它是否正确。除非输入的用户名不在数据库中,否则一切正常。在这种情况下,查询找不到任何行。我在 netbeans 中用 derby 做这个。所以我想我只是无法检测何时使用未知用户名发送查询。有什么建议吗?

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "MyServlet", urlPatterns ={"/echo"})
public class LoginAction extends HttpServlet {
private ResultSet resultSet;
private Connection con;

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html; charset=UTF-8");
PrintWriter out = response.getWriter();
try {
out.println("<!DOCTYPE html>");
out.println("<html><head>");
out.println("<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>");
String userName = request.getParameter("username");
String password = request.getParameter("password");
if (userName.length()>0 & password.length()>0){
try{
String url = "jdbc:derby:c:/users/project/.netbeans-derby/";
String db = "loginpass";
String driver = "org.apache.derby.jdbc.EmbeddedDriver";
String user = "user";
String pass = "pass";
Class.forName(driver).newInstance();
con = DriverManager.getConnection(url+db, user, pass);
String statement = "SELECT PASSWORD FROM LOGINPASS WHERE LOGIN = '"+userName+"'";
PreparedStatement prepStatement = con.prepareStatement(statement);
resultSet = prepStatement.executeQuery();

while (resultSet.next()){
if (resultSet.getString("password").equals(password)){
out.println("Login attempt successful!");
out.println("<br><a href='index.jsp'>Back to Login Page</a>");
} else {
out.println("Password incorrect");
out.println("<br><a href='index.jsp'>Back to Login Page</a>");
}
}
con.close();
}catch(Exception e){
out.println("caught...");
e.printStackTrace();
}
} else {
out.println("Login attempt failed");
out.println("<a href='index.jsp'>Back to Login Page</a>");
}
} finally {
out.close();
}
}

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request, response);
}

最佳答案

正如你所期望的只有一行,你可以这样写:

if (resultSet.next()) {
if (resultSet.getString("password").equals(password)){
out.println("Login attempt successful!");
out.println("<br><a href='index.jsp'>Back to Login Page</a>");
} else {
out.println("Password incorrect");
out.println("<br><a href='index.jsp'>Back to Login Page</a>");
}
} else {
out.println("User doesn't exist");
out.println("<br><a href='index.jsp'>Back to Login Page</a>");
}

而且你最好使用参数来避免sql注入(inject):

String statement = "SELECT PASSWORD FROM LOGINPASS WHERE LOGIN = ?";
PreparedStatement prepStatement = con.prepareStatement(statement);
prepStatement.setString(1, userName);
resultSet = prepStatement.executeQuery();

关于java - 如果sql查询什么也找不到怎么处理?在java中使用结果集,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17506762/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com