使用以下代码对登陆用户进行密码验证。同样是一个数据库里存的用户名和密码,奇怪的是某些可以通过,某些却认证失败(比如用户名为“yy”,密码为“y”)。用的是SQLServer,通过TOMCAT的JDNI访问数据源。 private boolean dbUserSearch(String id, String password) { Connection con = null; try {
con = new ConnectionControl().getConnection(); String sql = "SELECT Password FROM M_User WHERE UserName='" + id
+ "'"; Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(sql); if (rs != null) {
while (rs.next()) {
String dbPass = rs.getString("Password"); if (password.equals(dbPass)) {
return true;
}
}
}
con.commit();
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
if (con != null) {
con.close();
}
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
return false;
}
con = new ConnectionControl().getConnection(); String sql = "SELECT Password FROM M_User WHERE UserName='" + id
+ "'"; Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(sql); if (rs != null) {
while (rs.next()) {
String dbPass = rs.getString("Password"); if (password.equals(dbPass)) {
return true;
}
}
}
con.commit();
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
if (con != null) {
con.close();
}
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
return false;
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货