By zieckey (http://blog.csdn.net/zieckey)
All Rights Reserved!
The login feature consists of two pages: the front-end login.html and the back-end verifylogin.jsp.
Contents of login.html:
Login User Login
onfocus="if(this.value=='Your name')this.value='';">
Password:
onfocus="if(this.value=='Your password')this.value='';">
Contents of verifylogin.jsp:
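<%@ page import="java.sql.*" pageEncoding="UTF-8"%>
Login
<%
    // Get the user name
    String sUserName = request.getParameter ( "txtUserName" );
    // Get the password
    String sPasswd = request.getParameter ( "txtPassword" );
    // Register the JDBC driver
    Class.forName ( "org.gjt.mm.mysql.Driver" ).newInstance ( );
    // The connection parameters differ from those used for Access
    String url = "jdbc:mysql://localhost/LearnJSP";
    // Open the connection
    Connection connection = DriverManager.getConnection ( url, "root",
            "011124" );
    // SQL statement. The values are bound as parameters rather than
    // concatenated into the string, so quote characters in the input
    // cannot change the query.
    String sql = "select * from userinfo where username = ? and userpwd = ?";
    PreparedStatement stmt = connection.prepareStatement ( sql );
    stmt.setString ( 1, sUserName );
    stmt.setString ( 2, sPasswd );
    ResultSet rs = stmt.executeQuery ( ); // returns the query result
    // A non-empty result set means a matching user name and password exist: login succeeded
    if ( rs.next ( ) )
    {
        out.println ( "登录成功!" ); // "Login succeeded!"
    } else
    // Otherwise the login failed
    {
        out.println ( "用户名不存在或密码错误!" ); // "Unknown user name or wrong password!"
    }
    rs.close ( );
    stmt.close ( );
    connection.close ( );
%>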
Next, add validation code on the client side:
Login User Login
onfocus="if(this.value=='Your name')this.value='';">
Password:
onfocus="if(this.value=='Your password')this.value='';">
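function validateLogin()
{
    var sUserName = document.frmLogin.txtUserName.value;
    var sPassword = document.frmLogin.txtPassword.value;
    // Reject an empty user name
    if( sUserName=="" )
    {
        alert("请输入用户名!"); // "Please enter a user name!"
        return false;
    }
    // Reject an empty password
    if( sPassword=="" )
    {
        alert("请输入密码!"); // "Please enter a password!"
        return false;
    }
    return true;
}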
Add validation code on the server side:
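<%@ page import="java.sql.*" pageEncoding="UTF-8"%>
Login
<%
    // Get the user name
    String sUserName = request.getParameter ( "txtUserName" );
    // Check for null first, and compare content with isEmpty():
    // == on strings compares references, not text
    if ( sUserName == null || sUserName.isEmpty ( ) || sUserName.length ( ) > 20 )
    {
        response.sendRedirect ( "login.html" );
        return; // stop here, otherwise the query below would still run
    }
    // Get the password
    String sPasswd = request.getParameter ( "txtPassword" );
    if ( sPasswd == null || sPasswd.isEmpty ( ) || sPasswd.length ( ) > 20 )
    {
        response.sendRedirect ( "login.html" );
        return; // stop here, otherwise the query below would still run
    }
    // Register the JDBC driver
    Class.forName ( "org.gjt.mm.mysql.Driver" ).newInstance ( );
    // The connection parameters differ from those used for Access
    String url = "jdbc:mysql://localhost/LearnJSP";
    // Open the connection
    Connection connection = DriverManager.getConnection ( url, "root",
            "011124" );
    // SQL statement. The values are bound as parameters rather than
    // concatenated into the string, so quote characters in the input
    // cannot change the query.
    String sql = "select * from userinfo where username = ? and userpwd = ?";
    PreparedStatement stmt = connection.prepareStatement ( sql );
    stmt.setString ( 1, sUserName );
    stmt.setString ( 2, sPasswd );
    ResultSet rs = stmt.executeQuery ( ); // returns the query result
    // A non-empty result set means a matching user name and password exist: login succeeded
    if ( rs.next ( ) )
    {
        // After a successful login, store sUserName in the session attribute UserName.
        // Later pages can then read the user name with session.getAttribute("UserName"),
        // and the attribute also serves as the test for whether the user is logged in.
        session.setAttribute ( "UserName", sUserName );
        out.print ( "登录成功!" ); // "Login succeeded!"
        out.print ( session.getAttribute ( "UserName" ) + " 欢迎您!" ); // "Welcome!"
    } else
    // Otherwise the login failed
    {
        out.println ( "用户名不存在或密码错误!" ); // "Unknown user name or wrong password!"
    }
    rs.close ( );
    stmt.close ( );
    connection.close ( );
%>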
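The design standard for the column lengths of every table in the database is that they should be long enough, without wasting storage space.
The columns in the database above are limited to 20 characters, so the program should enforce the same limit;
otherwise the site may run into serious problems.
Modify the source above as follows: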
.....
size="20" maxlength="20"
onfocus="if(this.value=='Your name')this.value='';">
Password:
size="20" maxlength="20"
onfocus="if(this.value=='Your password')this.value='';">
.....
.....
if ( sUserName == null || sUserName.isEmpty() || sUserName.length()>20 )
....
if ( sPasswd == null || sPasswd.isEmpty() || sPasswd.length()>20 )
......
This solves the problem completely.