先看一下我的判断用户名密码的javabean
package com.jb.logon;
import com.jb.logon.DB;
import java.sql.*;
public class UserLogOn {
private String username;
private String userpassword;
private ResultSet rs;
private DB db=new DB();
HttpServletResponse response;
HttpServletRequest request;
public UserLogOn(){}
public void setUsername(String username){
this.username=username;
}
public String getUsername(){
return this.username;
}
public void setUserpassword(String userpassword){
this.userpassword=userpassword;
}
public String getUserpassword(){
return this.userpassword;
}
public String checkuser(){
String backstr="";
boolean =true;
if(this.username==null||this.username.equals("")){
backstr+="<li>请输入<b>用户名!</b></li><br>";
=false;
}
if(this.userpassword==null||this.userpassword.equals("")){
backstr+="<li>请输入<b>密 码!</b></li><br>";
=false;
}
if(){
String sql="select * from tb_logon where user_name='"+this.username+"' and user_password='"+this.userpassword+"'";
try{
rs=db.getRs(sql);
if(!rs.next())
backstr="登录失败!<br>输入的<b>用户名</b>或<b>密码</b>不存在!";
else
backstr="登录成功!<br><table><tr><td>用户名:</td><td>"+this.username+"</td></tr><tr><td>密 码:</td><td>"+this.userpassword+"</td></tr></table>";
//response.sendRedirect("main.jsp");
}catch(Exception e){e.printStackTrace();}
}
db.closed();
return backstr;
}
}----------------------------------------
然后获取表单数据的页面 dologon.jsp
<%@ page contentType="text/html;charset=gb2312"%>
<jsp:useBean id="mylogon" class="com.jb.logon.UserLogOn"/>
<%
String username=request.getParameter("username");
if(username==null)
username="";
username=new String(username.getBytes("ISO-8859-1"),"gbk");
String userpassword=request.getParameter("userpassword");
if(userpassword==null)
userpassword="";
userpassword=new String(userpassword.getBytes("ISO-8859-1"),"gbk");
mylogon.setUsername(username);
mylogon.setUserpassword(userpassword);%>
<html>
<head>
<title>用户登录模块</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<center>
<table style="margin-top:200" width="250" border="1" cellpadding="0" cellspacing="0" bordercolor="black" bordercolorlight="black" bordercolordark="white">
<tr bgcolor="lightgrey" height="30">
<td align="center">登录状况</td>
</tr>
<tr height="50">
<td align="center">
<%=mylogon.checkuser()%><!-- fd -->
<% if (username.equals(username) && userpassword.equals(userpassword)){
response.sendRedirect("main.jsp");
}
%> </td>
</tr>
</table>
<a href="index.jsp">[返回]</a>
</center>
</body>
</html>
其中,为啥这段用于判断用户名密码是否正确,如果正确就跳转到主页面的代码
就是不起作用:
<% if (username.equals(username) && userpassword.equals(userpassword)){
response.sendRedirect("main.jsp");
}
%>
也就是说,不管我在表单上输入什么,只要一点登陆,他就自动跳转到main.jsp页面上去了,也就是更本就没验证用户名和密码,就立刻跳转到main.jsp上去了。
抓狂,抓狂。。
package com.jb.logon;
import com.jb.logon.DB;
import java.sql.*;
public class UserLogOn {
private String username;
private String userpassword;
private ResultSet rs;
private DB db=new DB();
HttpServletResponse response;
HttpServletRequest request;
public UserLogOn(){}
public void setUsername(String username){
this.username=username;
}
public String getUsername(){
return this.username;
}
public void setUserpassword(String userpassword){
this.userpassword=userpassword;
}
public String getUserpassword(){
return this.userpassword;
}
public String checkuser(){
String backstr="";
boolean =true;
if(this.username==null||this.username.equals("")){
backstr+="<li>请输入<b>用户名!</b></li><br>";
=false;
}
if(this.userpassword==null||this.userpassword.equals("")){
backstr+="<li>请输入<b>密 码!</b></li><br>";
=false;
}
if(){
String sql="select * from tb_logon where user_name='"+this.username+"' and user_password='"+this.userpassword+"'";
try{
rs=db.getRs(sql);
if(!rs.next())
backstr="登录失败!<br>输入的<b>用户名</b>或<b>密码</b>不存在!";
else
backstr="登录成功!<br><table><tr><td>用户名:</td><td>"+this.username+"</td></tr><tr><td>密 码:</td><td>"+this.userpassword+"</td></tr></table>";
//response.sendRedirect("main.jsp");
}catch(Exception e){e.printStackTrace();}
}
db.closed();
return backstr;
}
}----------------------------------------
然后获取表单数据的页面 dologon.jsp
<%@ page contentType="text/html;charset=gb2312"%>
<jsp:useBean id="mylogon" class="com.jb.logon.UserLogOn"/>
<%
String username=request.getParameter("username");
if(username==null)
username="";
username=new String(username.getBytes("ISO-8859-1"),"gbk");
String userpassword=request.getParameter("userpassword");
if(userpassword==null)
userpassword="";
userpassword=new String(userpassword.getBytes("ISO-8859-1"),"gbk");
mylogon.setUsername(username);
mylogon.setUserpassword(userpassword);%>
<html>
<head>
<title>用户登录模块</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<center>
<table style="margin-top:200" width="250" border="1" cellpadding="0" cellspacing="0" bordercolor="black" bordercolorlight="black" bordercolordark="white">
<tr bgcolor="lightgrey" height="30">
<td align="center">登录状况</td>
</tr>
<tr height="50">
<td align="center">
<%=mylogon.checkuser()%><!-- fd -->
<% if (username.equals(username) && userpassword.equals(userpassword)){
response.sendRedirect("main.jsp");
}
%> </td>
</tr>
</table>
<a href="index.jsp">[返回]</a>
</center>
</body>
</html>
其中,为啥这段用于判断用户名密码是否正确,如果正确就跳转到主页面的代码
就是不起作用:
<% if (username.equals(username) && userpassword.equals(userpassword)){
response.sendRedirect("main.jsp");
}
%>
也就是说,不管我在表单上输入什么,只要一点登陆,他就自动跳转到main.jsp页面上去了,也就是更本就没验证用户名和密码,就立刻跳转到main.jsp上去了。
抓狂,抓狂。。
永远为true, 当然是跳到main.jsp了
竟然把sql语句都放到jsp里面了