请大家帮我看看,这段代码是用于检验登录的用户名及密码对不对的问题,一直解决不了...<%
request.setCharacterEncoding("gbk");String action = request.getParameter("action");if(action != null && action.equals("login")) {
String stuNumStr = request.getParameter("stuNum");
//int stuNum = Integer.parseInt(request.getParameter("stuNum"));
String psw = request.getParameter("psw"); int stuNum = Integer.parseInt(stuNumStr); Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost/buct?user=root&password=root";
Connection conn = DriverManager.getConnection(url);
Statement stmt = conn.createStatement();
String sql = "select * from user where stuNum = " + stuNum + " and psw = " + psw;
ResultSet rs = stmt.executeQuery(sql);
if(rs.next()) {
session.setAttribute("admin", stuNumStr);
response.sendRedirect("courseManager.jsp");
}
else out.println("登录出错!请检查用户名及密码是否正确");
rs.close();
stmt.close();
conn.close();
}
%>
request.setCharacterEncoding("gbk");String action = request.getParameter("action");if(action != null && action.equals("login")) {
String stuNumStr = request.getParameter("stuNum");
//int stuNum = Integer.parseInt(request.getParameter("stuNum"));
String psw = request.getParameter("psw"); int stuNum = Integer.parseInt(stuNumStr); Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost/buct?user=root&password=root";
Connection conn = DriverManager.getConnection(url);
Statement stmt = conn.createStatement();
String sql = "select * from user where stuNum = " + stuNum + " and psw = " + psw;
ResultSet rs = stmt.executeQuery(sql);
if(rs.next()) {
session.setAttribute("admin", stuNumStr);
response.sendRedirect("courseManager.jsp");
}
else out.println("登录出错!请检查用户名及密码是否正确");
rs.close();
stmt.close();
conn.close();
}
%>
MySQLSyntaxErrorException
<%
request.setCharacterEncoding("gbk");String action = request.getParameter("action");if(action != null && action.equals("login")) {
String stuNumStr = request.getParameter("stuNum");
//int stuNum = Integer.parseInt(request.getParameter("stuNum"));
String psw = request.getParameter("psw"); int stuNum = Integer.parseInt(stuNumStr); Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost/buct?user=root&password=root";
Connection conn = DriverManager.getConnection(url);
Statement stmt = conn.createStatement();
String sql = "select * from user where stuNum = " + stuNum;
ResultSet rs = stmt.executeQuery(sql);
while(rs.next()) {
if(psw.equals(rs.getString("psw"))) {
session.setAttribute("admin", stuNumStr);
response.sendRedirect("courseManager.jsp");
}
else out.println("登录出错!请检查用户名及密码是否正确");
}
rs.close();
stmt.close();
conn.close();
}
%>
好奇怪
这个SQL语句,stuNum ,psw 字段在数据库中都是什么类型的?是不是需要加单引号
假如都已注册过
psw 是 varchar
这两个都是通过返回参数取得的
为何要加单引号呢?
谢谢你
正是你说的问题
正确的语句应该是
"select * from user where stuNum = " + stuNum + " and psw = '" + psw + "'";