我做的一个三级级联查询,现在用户在登陆之后可以看到所有作业队的所有作业文件.我想做一个权限控制:只有userinfo表中的权限字段为“3”的用户才能看到所有文件,为"2"时,只能看到自己所在作业队的文件。
用户的权限值和TeamNumber已在本页中得到:session.getAttribute("Authority");session.getAttribute("TeamNumber");数据库表team中的字段为:companyid,teamid,TeamNumber;表file中的字段为teamid,filenameid,Filename.
我这没多少分,还请大家多见谅! 源代码如下:
<%
Connection conn=null;
Statement stmt=null;
ResultSet rs=null,rs1=null,rs2=null;
String sql;
int count;
int count2;
String drivername="com.mysql.jdbc.Driver";
String url="jdbc:mysql://localhost:3306/Frac_DB";
try{
Class.forName(drivername);
conn=DriverManager.getConnection(url,"root","******");
stmt=conn.createStatement();
sql="select * from team order by companyid asc";
rs=stmt.executeQuery(sql);
}
catch(SQLException e){
System.out.println(e.getMessage());
}
%>
<script language="javascript">
var onecount;
onecount=0;
subcat=new Array();
<%
count=0;
while(rs.next()){
%>
subcat[<%=count%>]=new Array("<%=rs.getString("TeamNumber")%>","<%=rs.getInt("companyid")%>","<%=rs.getInt("teamid")%>");
<%
count = count + 1 ; }
rs.close();
rs=null;
%>
onecount=<%=count%>;
function changelocation(companyid){
document.myform.smalllocation.length=0;
var companyid=companyid;
var i;
document.myform.smalllocation.options[0]=new Option('==选择作业队==','');
for(i=0;i<onecount;i++){
if (subcat[i][1] == companyid)
{
document.myform.smalllocation.options[document.myform.smalllocation.length] = new Option(subcat[i][0], subcat[i][2]);
}
}
}
</script> <% sql="select * from file order by teamid asc";
rs2=stmt.executeQuery(sql); %>
<script language="javascript">
var onecount2;
onecount2=0;
subcat2=new Array();
<%
count2=0;
while(rs2.next()){
%>
subcat2[<%=count2%>]=new Array("<%=rs2.getString("filename")%>","<%=rs2.getInt("teamid")%>","<%=rs2.getInt("filenameid")%>");
<%
count2 = count2 + 1 ; }
rs2.close();
rs2=null;
%>
onecount2=<%=count2%>;
function changelocation2(teamid)
{
document.myform.file.length = 0; var teamid=teamid;
var j;
document.myform.file.options[0] = new Option('==选择文件==','');
for (j=0;j < onecount2; j++)
{
if (subcat2[j][1] == teamid)
{
document.myform.file.options[document.myform.file.length] = new Option(subcat2[j][0], subcat2[j][2]);
}
} }
</script></h2><h2>
<body>
<form name="myform" action="Realtime/rplottest2.jsp"method="post" >文件查询:<select name="biglocation" onchange="changelocation(document.myform.biglocation.options[document.myform.biglocation.selectedIndex].value)" size="1">
<option selected="selected">请选择您的公司</option>
<%
sql ="select * from company order by Company asc";
rs1 = stmt.executeQuery(sql);
while(rs1.next()){
%>
<option value='<%=rs1.getInt("companyid")%>'><%=rs1.getString("Company")%></option>
<%}
rs1.close();
rs1 = null;
conn.close();
conn =null;
%>
</select><select name="smalllocation" onchange="changelocation2(document.myform.smalllocation.options[document.myform.smalllocation.selectedIndex].value)">
<option selected="selected" value="">==选择作业队==</option>
</select>
<select name="file" size="1" onchange="this.form.submit()">
<option selected="selected"value="filename">==选择文件==</option>
</select>
</form>
用户的权限值和TeamNumber已在本页中得到:session.getAttribute("Authority");session.getAttribute("TeamNumber");数据库表team中的字段为:companyid,teamid,TeamNumber;表file中的字段为teamid,filenameid,Filename.
我这没多少分,还请大家多见谅! 源代码如下:
<%
Connection conn=null;
Statement stmt=null;
ResultSet rs=null,rs1=null,rs2=null;
String sql;
int count;
int count2;
String drivername="com.mysql.jdbc.Driver";
String url="jdbc:mysql://localhost:3306/Frac_DB";
try{
Class.forName(drivername);
conn=DriverManager.getConnection(url,"root","******");
stmt=conn.createStatement();
sql="select * from team order by companyid asc";
rs=stmt.executeQuery(sql);
}
catch(SQLException e){
System.out.println(e.getMessage());
}
%>
<script language="javascript">
var onecount;
onecount=0;
subcat=new Array();
<%
count=0;
while(rs.next()){
%>
subcat[<%=count%>]=new Array("<%=rs.getString("TeamNumber")%>","<%=rs.getInt("companyid")%>","<%=rs.getInt("teamid")%>");
<%
count = count + 1 ; }
rs.close();
rs=null;
%>
onecount=<%=count%>;
function changelocation(companyid){
document.myform.smalllocation.length=0;
var companyid=companyid;
var i;
document.myform.smalllocation.options[0]=new Option('==选择作业队==','');
for(i=0;i<onecount;i++){
if (subcat[i][1] == companyid)
{
document.myform.smalllocation.options[document.myform.smalllocation.length] = new Option(subcat[i][0], subcat[i][2]);
}
}
}
</script> <% sql="select * from file order by teamid asc";
rs2=stmt.executeQuery(sql); %>
<script language="javascript">
var onecount2;
onecount2=0;
subcat2=new Array();
<%
count2=0;
while(rs2.next()){
%>
subcat2[<%=count2%>]=new Array("<%=rs2.getString("filename")%>","<%=rs2.getInt("teamid")%>","<%=rs2.getInt("filenameid")%>");
<%
count2 = count2 + 1 ; }
rs2.close();
rs2=null;
%>
onecount2=<%=count2%>;
function changelocation2(teamid)
{
document.myform.file.length = 0; var teamid=teamid;
var j;
document.myform.file.options[0] = new Option('==选择文件==','');
for (j=0;j < onecount2; j++)
{
if (subcat2[j][1] == teamid)
{
document.myform.file.options[document.myform.file.length] = new Option(subcat2[j][0], subcat2[j][2]);
}
} }
</script></h2><h2>
<body>
<form name="myform" action="Realtime/rplottest2.jsp"method="post" >文件查询:<select name="biglocation" onchange="changelocation(document.myform.biglocation.options[document.myform.biglocation.selectedIndex].value)" size="1">
<option selected="selected">请选择您的公司</option>
<%
sql ="select * from company order by Company asc";
rs1 = stmt.executeQuery(sql);
while(rs1.next()){
%>
<option value='<%=rs1.getInt("companyid")%>'><%=rs1.getString("Company")%></option>
<%}
rs1.close();
rs1 = null;
conn.close();
conn =null;
%>
</select><select name="smalllocation" onchange="changelocation2(document.myform.smalllocation.options[document.myform.smalllocation.selectedIndex].value)">
<option selected="selected" value="">==选择作业队==</option>
</select>
<select name="file" size="1" onchange="this.form.submit()">
<option selected="selected"value="filename">==选择文件==</option>
</select>
</form>
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货