/**
 * Creates a login request with no credentials, a non-admin role and user id 0.
 */
public login() {
    this.username = "";
    this.passwd = "";
    this.isadmin = false;
    this.userid = 0;
}
/**
 * Stores the account name to be checked.
 *
 * @param name account name as submitted by the client
 */
public void setUsername(String name) {
    username = name;
}

/**
 * @return the account name last stored with {@code setUsername}
 */
public String getUsername() {
    return username;
}
/**
 * Stores the password to be checked.
 *
 * @param psw password as submitted by the client
 */
public void setPasswd(String psw) {
    passwd = psw;
}

/**
 * Returns the stored password unchanged, i.e. in clear text; callers should
 * not log it or echo it back to the client.
 *
 * @return the password last stored with {@code setPasswd}
 */
public String getPasswd() {
    return passwd;
}
/**
 * Selects which table the credentials are checked against.
 *
 * @param Isadmin {@code true} for an administrator login, {@code false} for a normal user
 */
public void setIsadmin(boolean Isadmin) {
    isadmin = Isadmin;
}

/**
 * @return {@code true} if this is an administrator login
 */
public boolean getIsadmin() {
    return isadmin;
}
/**
 * Overwrites the stored user id.
 *
 * @param nid numeric user id
 */
public void setUserid(int nid) {
    userid = nid;
}

/**
 * @return the stored user id (0 until one has been set)
 */
public int getUserid() {
    return userid;
}
/** *获得查询用户信息的SQL语句 */ public String getSql(){ if(isadmin){ sqlStr="select * from admin where adminuser=? and adminpass=?"; }else{ sqlStr="select * from users where username=?and password=?"; }
<%@ page contentType="text/html; charset=gb2312" %><%@ page import="util.*" %>
<%@ page import="operator.*" %>
<%@ page import="asset.*"%>
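<%
// Handles a submitted login form. When no "username" parameter is present the
// page only renders the empty form below.
login login=new login();
String mesg = "";
String username = request.getParameter("username");
if( username!=null && !username.equals("")){
    String passwd = request.getParameter("passwd");
    login.setUsername(username);
    login.setPasswd(passwd);
    login.setIsadmin(false);
    if(login.exectue()){
        // Drop the pre-login session and start a new one, so a session id that
        // was known before authentication is never promoted to a logged-in session.
        session.invalidate();
        HttpSession authSession = request.getSession(true);
        authSession.setAttribute("username",username);
        authSession.setAttribute("userid",Integer.toString(login.getUserid()));
        response.sendRedirect("assetlist.jsp");
        // Stop here: nothing else may be written to the response after a redirect.
        return;
    }
    else {
        mesg = "登录出错!" ;
    }
    // The debug output that used to follow (SQL text, user name, password and
    // user id written with out.println) has been removed: it echoed the
    // submitted password and unescaped request data into the HTML response,
    // and it also ran after the redirect on a successful login.
}
%>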
<script language="javascript">
// Client-side convenience check only: the server must still validate both
// fields, because a request can be sent without running this script.
function checkform() {
    var form = document.form1;
    var missing = form.username.value == "" || form.passwd.value == "";
    if (missing) {
        alert("用户名或密码为空!");
    }
    return !missing;
}
</script><html>
<body>
<div align=center>用户登录 </div>
<br>
<%
// Show the login error, if one was set. mesg is only ever assigned fixed
// strings in this page, so it is written without HTML escaping.
if (mesg.length() != 0) {
    out.println("<p>" + mesg + "</p>");
}
%>
<form name="form1" method="post" action="login1.jsp">
<table width="400" border="0" cellspacing="1" cellpadding="1" align="center">
<tr>
<td width="147" align="right">用户名:<br>
</td>
<td width="246" valign="top">
<input type="text" name="username" size="16" maxlength="25">
</td>
</tr>
<tr>
<td width="147" align="right">密码:</td>
<td width="246" valign="top">
<input type="password" name="passwd" maxlength="20" size="16">
</td>
</tr>
<tr>
<td width="147" align="right"> </td>
<td width="246" valign="top">
<input type="submit" name="Submit" value="登录" onclick="javascript:return(checkform());">
<input type="reset" name="Submit2" value="取消">
</td>
</tr>
</table>
</form>
</body></html>
/*
* 创建日期 2006-6-12
*
* 更改所生成文件模板为
* 窗口 > 首选项 > Java > 代码生成 > 代码和注释
*/
package operator;/**
*<p>管理用户登录的类 </p>
*/import java.util.*;
import util.*;
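import java.sql.*;

/**
 * Checks a user name / password pair against the {@code users} table, or the
 * {@code admin} table for administrator logins.
 *
 * <p>An instance keeps its connection, statement and result set in fields and is
 * therefore meant for a single request; nothing here synchronizes access.
 *
 * <p>NOTE(review): both queries compare the password column directly with the
 * submitted value, which suggests passwords are stored unhashed. Confirm, and
 * if so store a salted password hash (bcrypt/scrypt/argon2) and verify against it.
 */
public class login {
    private String username="";
    private String passwd="";
    private boolean isadmin=false; // true for an administrator login
    private int userid=0;
    public String sqlStr="";
    private sql_data db; // connection pool instance
    private Connection con=null; // pooled database connection
    private ResultSet rs=null; // result set of the credential query
    private PreparedStatement ps=null; // prepared credential query

    /** Creates a login request with no credentials, a non-admin role and user id 0. */
    public login() {
        username="";
        passwd="";
        isadmin=false;
        userid=0;
    }

    /** @param name account name as submitted by the client */
    public void setUsername(String name){
        this.username=name;
    }

    /** @return the account name last stored with {@link #setUsername(String)} */
    public String getUsername(){
        return this.username;
    }

    /** @param psw password as submitted by the client */
    public void setPasswd(String psw){
        this.passwd=psw;
    }

    /**
     * Returns the stored password unchanged, i.e. in clear text; callers should
     * not log it or echo it back to the client.
     *
     * @return the password last stored with {@link #setPasswd(String)}
     */
    public String getPasswd(){
        return this.passwd;
    }

    /** @param Isadmin {@code true} to check the {@code admin} table instead of {@code users} */
    public void setIsadmin(boolean Isadmin){
        this.isadmin=Isadmin;
    }

    /** @return {@code true} if this is an administrator login */
    public boolean getIsadmin(){
        return this.isadmin;
    }

    /** @param nid numeric user id */
    public void setUserid(int nid){
        this.userid=nid;
    }

    /** @return the user id read by a successful non-admin {@link #exectue()}, else the last value set */
    public int getUserid(){
        return this.userid;
    }

    /**
     * Builds the parameterized credential query for the current role and also
     * stores it in {@link #sqlStr}.
     *
     * @return the SQL text with two {@code ?} placeholders (name, password)
     */
    public String getSql(){
        if(isadmin){
            sqlStr="select * from admin where adminuser=? and adminpass=?";
        }else{
            // A space now separates the first placeholder from "and"; the
            // original "username=?and" can be mis-parsed once a driver rewrites
            // "?" into a named parameter.
            sqlStr="select * from users where username=? and password=?";
        }
        return sqlStr;
    }

    /**
     * Runs the credential query and reports whether a matching row exists.
     *
     * <p>On a successful non-admin login the row's {@code id} column is stored as
     * the user id. Database resources are always released before returning.
     *
     * @return {@code true} if the query returned at least one row; {@code false}
     *         if it returned none or the query failed
     * @throws Exception if the pool or a connection cannot be obtained
     */
    public boolean exectue() throws Exception{
        boolean flag=false;
        db=sql_data.getInstance();
        con=db.getConnection("idb");
        try{
            // The statement was previously never prepared (the call sat behind a
            // "//" comment), so every login failed with a NullPointerException.
            ps=con.prepareStatement(getSql());
            // NOTE(review): values bound with setString need no SQL escaping;
            // if strFormat.toSql rewrites quotes, the value compared here differs
            // from what the user typed. Confirm what toSql does.
            ps.setString(1,strFormat.toSql(this.getUsername()));
            ps.setString(2,strFormat.toSql(this.getPasswd()));
            rs=ps.executeQuery();
            if(rs.next()){
                if(!isadmin){
                    userid=rs.getInt("id");
                }
                flag=true;
            }
        }catch(Exception e){
            flag=false;
            System.out.println(e.getMessage());
        }finally{
            // Always hand the connection back, also when the query fails.
            freeCon();
        }
        return flag;
    }

    /**
     * Releases database resources: closes the result set and the prepared
     * statement and returns the connection to the pool. Safe to call repeatedly.
     */
    public void freeCon(){
        // Each close gets its own try so a failure on one does not skip the others.
        try{
            if(rs!=null) rs.close();
        }catch(Exception e){
            System.out.println(e.getMessage());
        }
        rs=null;
        try{
            if(ps!=null) ps.close();
        }catch(Exception e){
            System.out.println(e.getMessage());
        }
        ps=null;
        if(db!=null && con!=null){
            db.freeConnection("idb",con);
        }
        // Forget the connection so a second call cannot return it to the pool twice.
        con=null;
    }

    /** Manual smoke test against the configured database using the account "1"/"1". */
    public static void main(String[] args ){
        login l=new login();
        l.setIsadmin(false);
        l.setUsername("1");
        l.setPasswd("1");
        try{
            if(l.exectue())
                System.out.println(l.getUserid());
            else
                System.out.println(l.getPasswd()+l.getUsername());
        }catch(Exception e){
            System.out.println("exception");
        }
    }
}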
ps.setString(2,strFormat.toSql(this.getPasswd()));这两句,你的toSql方法做了什么?
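-- Recreate the users table: drop it if it already exists, then create it.
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[users]
GO

-- NOTE(review): [PassWord] varchar(10) can only hold a short clear-text value;
-- a salted password hash (bcrypt/scrypt/argon2 output) needs a much wider column.
CREATE TABLE [dbo].[users] (
[ID] [int] IDENTITY (1, 1) NOT NULL ,
[UserName] [varchar] (10) COLLATE Chinese_PRC_CI_AS NULL ,
[PassWord] [varchar] (10) COLLATE Chinese_PRC_CI_AS NULL
) ON [PRIMARY]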
GO请帮帮忙,谢谢