public class CheckLogin {
/**
* 验证用户是否登陆成功
*
* @param username
* 用户名
* @param pass
* 密码
* @return
*/
public boolean validate(String username, String pass) {
boolean flag = false;
Connection conn = null;
PreparedStatement ps = null;
ResultSet res = null;
try {
String sql = "select * from userinfo where loginname= ?";
conn = ConnectionManager.getConnection();
ps = conn.prepareStatement(sql);
ps.setString(1, username);
res = ps.executeQuery(sql);
if (res.next() && res.getString("password").equals(pass)) {
flag = true;
}else{
flag=false;
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
ConnectionManager.closeAll(ps, res, conn);
}
return flag;
}
}
public class LoginServlet extends HttpServlet{ public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html;charset=utf-8");
String username = request.getParameter("loginName");
String pass = request.getParameter("loginPass");
CheckLogin ck=new CheckLogin();
if(ck!=null){
if (ck.validate(username, pass)) {
HttpSession session=request.getSession(false);
session.setAttribute("userName", username);
request.getRequestDispatcher("show.jsp").forward(request, response);
} else {
request.setAttribute("error!", "登录失败!请重新登录!");
response.sendRedirect("login.jsp");
}
}else{
request.setAttribute("error", "不存在该用户!!!!");
}
}
我的是mysql5.0 是不是不支持?占位符 还是怎么了?You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
/**
* 验证用户是否登陆成功
*
* @param username
* 用户名
* @param pass
* 密码
* @return
*/
public boolean validate(String username, String pass) {
boolean flag = false;
Connection conn = null;
PreparedStatement ps = null;
ResultSet res = null;
try {
String sql = "select * from userinfo where loginname= ?";
conn = ConnectionManager.getConnection();
ps = conn.prepareStatement(sql);
ps.setString(1, username);
res = ps.executeQuery(sql);
if (res.next() && res.getString("password").equals(pass)) {
flag = true;
}else{
flag=false;
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
ConnectionManager.closeAll(ps, res, conn);
}
return flag;
}
}
public class LoginServlet extends HttpServlet{ public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { response.setContentType("text/html;charset=utf-8");
String username = request.getParameter("loginName");
String pass = request.getParameter("loginPass");
CheckLogin ck=new CheckLogin();
if(ck!=null){
if (ck.validate(username, pass)) {
HttpSession session=request.getSession(false);
session.setAttribute("userName", username);
request.getRequestDispatcher("show.jsp").forward(request, response);
} else {
request.setAttribute("error!", "登录失败!请重新登录!");
response.sendRedirect("login.jsp");
}
}else{
request.setAttribute("error", "不存在该用户!!!!");
}
}
我的是mysql5.0 是不是不支持?占位符 还是怎么了?You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
在上面语句中res = ps.executeQuery();由于你是用prepareStatement();
试一下,应该是这个问题
conn = ConnectionManager.getConnection();
ps = conn.prepareStatement(sql);
//ps.setString(1, username);
res = ps.executeQuery(sql);
sql.append(username);
sql.append("'");
……
res = ps.executeQuery(sql.toString());
你这样试下呢?
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
public static void main(String[] args) throws Exception {
try {
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException ex) {
ex.printStackTrace();
} // 声明变量,使用,而后关闭
Connection conn = null; // 数据库连接
ResultSet rs = null; // 结果集
PreparedStatement pst = null; try {
// 2. 获取数据库的连接
conn = DriverManager
.getConnection(
"jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=GBK",
"root", ""); pst = conn
.prepareStatement(" select id,name from mybatis3_author where name = ? ");
pst.setString(1, "朱自清"); rs = pst.executeQuery(); // 5. 现实结果集里面的数据
while (rs.next()) {
System.out.println("编号=" + rs.getInt(1));
System.out.println("姓名=" + rs.getString("name"));
System.out.println("---------------");
}
} catch (Exception ex) {
ex.printStackTrace();
} finally {
try {
if (rs != null) {
rs.close();
}
if (pst != null) {
pst.close();
}
if (conn != null) {
conn.close();
}
} catch (Exception ex) {
ex.printStackTrace();
}
} }
编号=3
姓名=朱自清
---------------
这个是在本地测试通过的。如果在你的环境下还是不行,那么你直接SQL下。或者安装一个mysql的IDE,比如navicat/phpadmin连接下你的数据看看可以运行不。我的mysql-connector包版本是
mysql-connector-java-5.1.13-bin.jar
mysql数据库5.0
看到一个类似的sql语句,也是报语法错误,为什么后面where loginname = ?,为什么用“?”?????
String sql = "select * from userinfo where loginname= " + loginname;