<%@page contentType="text/html; charset=GBK" errorPage="error.jsp" %>
<%@page import="bookstore.*"%>
<%@page import="java.sql.*"%>
<jsp:useBean id="userBean" scope="session" class="bookstore.User"/>
<jsp:setProperty name="userBean" property="*"/>
<%
Connection conn = null;
try {
conn = DBConnection.getConnection();
String ssql="select USER_NAME from T_USER where user_id="+userBean.getUserId()+" and password ="+userBean.getPassword();
Statement sm = conn.createStatement();
ResultSet rs = sm.executeQuery(ssql);
// Written this way it works, but when I use the approach below it always displays the fail.jsp page, telling me the user name or password is wrong!
PreparedStatement pStat =
conn.prepareStatement("select USER_NAME from T_USER where USER_ID=? and PASSWORD=?");
pStat.setString(1,userBean.getUserId());
pStat.setString(2,userBean.getPassword());
// userBean reads the data submitted from the web page correctly; I have already checked!
if(rs.next())
{
%>
<jsp:forward page="welcome.jsp"></jsp:forward>
<%
}
else
{%>
<jsp:forward page="fail.jsp"></jsp:forward>
<%}
}
finally
{
if(conn != null) conn.close();
}
%>
My development environment is oracle9i+jb2005+tomcat5.0
rs=pStat.executeQuery();
The source file has this line; I forgot to paste it!
conn.prepareStatement("select USER_NAME from T_USER where USER_ID=? and PASSWORD=?");
pStat.setString(1,userBean.getUserId());
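pStat.setString(2,userBean.getPassword());
And then it goes straight to if(rs.next())? After passing the parameters, don't you execute it?
I suggest trying the setObject method first!?
With string concatenation there is a forced type conversion, but here there is not.
It is in the source code; I left it out when pasting!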
package bookstore;

// Class declaration restored from class="bookstore.User" in the JSP above.
public class User {
    private String userId;
    private String password;
    private String userName;

    public String getPassword() {
        return password;
    }
    public String getUserName() {
        return userName;
    }
    public String getUserId() {
        return userId;
    }
    // Setters are called by <jsp:setProperty property="*"> with the request parameters.
    public void setPassword(String password) {
        this.password = password;
    }
    public void setUserId(String userId) {
        this.userId = userId;
    }
    public void setUserName(String userName) {
        this.userName = userName;
    }
}
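// The third argument is the result set concurrency; FETCH_FORWARD is a fetch direction, not a concurrency mode.
conn.prepareStatement(ssql,
ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
Add two more parameters on top of your original program.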
"USER_ID" VARCHAR2(6 byte) NOT NULL,
"USER_NAME" VARCHAR2(60 byte),
"PASSWORD" VARCHAR2(20 byte),
CONSTRAINT "PK_T_USER" PRIMARY KEY("USER_ID")
select count(*) from xxx where xxx
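This guarantees there is a result; then check whether the record count in the returned field is greater than 0. That way nothing can go wrong.
Otherwise, some record sets do not raise an error on next() even when no data was fetched.
Also, you say there is a problem, so why not say what the problem is? Describing the symptoms would at least save us from blindly searching for the cause.
Whereas writing the parameters directly into the SQL works!
I am not familiar with oracle9i's SQL syntax, but your program is the same as what I use under informix and sqlserver, and everything works fine here, so where exactly your problem lies I cannot tell.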
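
The parameterized lookup this thread is debugging, written out in full as an added example (not code from any poster). The class and method names are hypothetical; it assumes an open JDBC Connection to the T_USER table posted above and Java 7 or later for try-with-resources.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Added example: login check against the T_USER table shown in the thread. */
public class LoginCheck {

    /**
     * Returns true when a row matches both values.
     *
     * Both values are bound as strings, so Oracle compares them with the
     * VARCHAR2 columns as character data. The concatenated form
     * "where user_id=" + id sends an unquoted literal instead; Oracle then
     * converts the column to a number for the comparison, so an id typed as
     * 1 can match a stored '000001' there but not here. Binding also keeps
     * the submitted text out of the SQL statement itself.
     */
    public static boolean credentialsMatch(Connection conn, String userId, String password)
            throws SQLException {
        // Oracle treats '' as NULL, and "= NULL" never matches, so reject early.
        if (userId == null || userId.isEmpty()) return false;
        if (password == null || password.isEmpty()) return false;

        String sql = "select USER_NAME from T_USER where USER_ID=? and PASSWORD=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userId);
            ps.setString(2, password);
            // Execute the bound statement and read its own ResultSet,
            // not one left over from an earlier Statement.
            try (ResultSet rs = ps.executeQuery()) {
                // USER_NAME is nullable, so test for a row, not for a value.
                return rs.next();
            }
        }
    }
}
```

The caller still owns the Connection and closes it, as the finally block in the original JSP does.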