JSP用户名跟密码登陆,提示帐户不存在

JSP用户名和密码登陆,提示帐户不存在?
密码验证

Java code

<%@include file="dbsconn.jsp"%><%    Statement st;   st=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);   String login_name = request.getParameter("login_name");   String password=request.getParameter("password");   String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";   ResultSet rs=st.executeQuery(sql);   if(rs.getInt(0)!=0) response.sendRedirect("/main.jsp");   else response.sendRedirect("login.jsp");      session.setAttribute("grade","");    session.setAttribute("BranchID","");   session.setAttribute("NodeID","");    session.setAttribute("UserPrivate","");   session.setAttribute("UserId","");   %>

dbsconn.jsp

Java code

Connection conn = null; String driver = "com.microsoft.jdbc.sqlserver.SQLServerDriver"; //String driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"; String url = "jdbc:microsoft:sqlserver://localhost:1433;databaseName=NetBank"; String name = "sa"; String pass = "123456";//连接数据库的方法try{System.out.println("***加载数据库驱动***");Class.forName(driver);System.out.println("***数据库驱动加载成功***");System.out.println("***连接数据库***");conn = DriverManager.getConnection(url, name, pass);System.out.println("***数据库连接成功***");} catch (ClassNotFoundException ce){System.out.println("找不到jar驱动包或者驱动连接字符出错!");ce.printStackTrace();} catch (SQLException se){System.out.println("SQL连接字符串出错!");se.printStackTrace();} catch (Exception e){e.printStackTrace();}%>

编译器出现的错误
***加载数据库驱动***
***数据库驱动加载成功***
***连接数据库***
***数据库连接成功***
2012-9-13 20:52:33 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet jsp threw exception
java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC][SQLServer]列名 'admin' 无效。


页面下的错误:
org.apache.jasper.JasperException: An exception occurred processing JSP page /check_login.jsp at line 27

24: String login_name = request.getParameter("login_name");
25: String password=request.getParameter("password");
26: String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";
27: ResultSet rs=st.executeQuery(sql);
28: if(rs.getInt(0)!=0) response.sendRedirect("/main.jsp");
29: else response.sendRedirect("login.jsp");


[解决办法]
组装SQL的时候，漏了单引号：
String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";
应该是：
String sql="select count(*) from UserT where UserName like '" + login_name + "' and password like '" + password + "'";

顺便提醒下，这种做法有：SQL注入漏洞
[解决办法]

探讨

楼主：

你的这句sql：String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";

编译后：应该是这样的

select count(*) from UserT where UserName li……

我的异常网推荐解决方案：An exception occurred processing JSP page,http://www.myexception.cn/j2se/33144.html

查看更多 下一篇