servlet mysql 用户登录验证问题
package myPack.module;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.*;
import javax.servlet.http.HttpSession;
import myPack.*;
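/**
 * Back-end handler for the login page.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credential lookup binds the user name and password as statement
 *       parameters; request data is never concatenated into the SQL text.</li>
 *   <li>NOTE(review): the query compares the submitted password directly with
 *       the {@code password} column, which suggests the column holds plaintext.
 *       Confirm, and prefer storing a salted password hash (bcrypt, scrypt or
 *       argon2) that is verified in Java.</li>
 *   <li>NOTE(review): this class only receives the {@code HttpSession}; the
 *       caller should rotate the session id after a successful login.</li>
 * </ul>
 *
 * @author ShenYK
 * @version 1.0
 */
public class MLogin extends MCommon {

    /** Credential lookup; both values are supplied through {@code ?} placeholders. */
    private static final String LOGIN_QUERY =
            "select realname from admin where name = ? and password = ?";

    /**
     * Checks the submitted credentials against the {@code admin} table and
     * records the outcome in the session.
     *
     * <p>The submitted user name is first stored in the Hashtable kept in the
     * session under {@code CommonConst.VIEWID_LOGIN}. When a matching row is
     * found, the session attributes {@code username} and {@code realname} are
     * set. Otherwise {@code errMsg} is set to a message that does not reveal
     * whether the user name or the password was wrong. Any exception raised
     * during the lookup is reported as a database error in {@code errMsg}.
     *
     * @param mySession session holding the login view values and receiving the result
     * @param username  user name as submitted by the client (untrusted input)
     * @param password  password as submitted by the client (untrusted input)
     * @return {@code true} if a matching row exists; {@code false} on a mismatch
     *         or on any database error
     * @throws NullPointerException if the session holds no Hashtable under
     *         {@code CommonConst.VIEWID_LOGIN}, or if {@code username} is null
     */
    public boolean getUserInfo(HttpSession mySession, String username,
            String password) {
        // Keep the submitted user name in the login view's value table.
        Hashtable myValues = (Hashtable) mySession
                .getAttribute(CommonConst.VIEWID_LOGIN);
        myValues.put("username", username);

        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            // The connection comes from the inherited getDBConnection and, as
            // before, is not closed here.
            // NOTE(review): confirm that its lifecycle is managed elsewhere.
            Connection conn = this.getDBConnection(mySession);

            // Bind the untrusted values instead of building the SQL string, so
            // quotes in the input cannot change the structure of the query.
            stmt = conn.prepareStatement(LOGIN_QUERY);
            stmt.setString(1, username);
            stmt.setString(2, password);
            rs = stmt.executeQuery();

            if (rs.next()) {
                // The query selects only "realname". Reading another column
                // label such as "name" from rs would throw SQLException and
                // take the database-error path below.
                mySession.setAttribute("username", username);
                mySession.setAttribute("realname", rs.getString("realname"));
                return true;
            }

            mySession.setAttribute("errMsg", "用户名密码不正确!");
            return false;
        } catch (Exception e) {
            e.printStackTrace();
            mySession.setAttribute("errMsg", "登录数据库时出现错误!");
            return false;
        } finally {
            // Close each resource in its own guarded step, so that a null or
            // failing ResultSet cannot prevent the statement from being closed.
            if (rs != null) {
                try {
                    rs.close();
                } catch (Exception ignored) {
                    // best-effort cleanup; the login result is already decided
                }
            }
            if (stmt != null) {
                try {
                    stmt.close();
                } catch (Exception ignored) {
                    // best-effort cleanup; the login result is already decided
                }
            }
        }
    }
}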
利用上述代码:if (rs.next()) {
//if (rs.getString("name").equals(username)) {
mySession.setAttribute("username", username);
mySession.setAttribute("realname", rs.getString("realname"));
return true;
}
// }else
// return true;
而不使用第二个if即:if (rs.getString("name").equals(username)) {
mySession.setAttribute("username", username);
mySession.setAttribute("realname", rs.getString("realname"));
return true;
}这句话的时候就能成功登录,否则只要用了第二个if即if (rs.getString("name").equals(username)) {
mySession.setAttribute("username", username);
mySession.setAttribute("realname", rs.getString("realname"));
return true
}即始终不能成功登录,这是怎么回事啊,如果用了第二个if逻辑上我认为也是正确的啊?
[解决办法]
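第二个if始终失败的原因是:查询只select了realname这一列,结果集中没有name列,rs.getString("name")会抛出SQLException,被catch捕获后返回false。你要实现这个目的,可以换个思路。可以查询时让mysql区分大小写(用户输入的值应通过PreparedStatement的?占位符绑定,而不要拼接进SQL字符串)。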
select * from tablename where binary username='admin';
加上binary。