小白第一次写文档,不喜勿喷啊
这篇文档是教大家如何使用jsp连接SQL Server数据库实现登录功能的,这里使用的MVC模式
我们这里使用的数据库对象为PreparedStatement,因为它的安全性相对于Statement较高些
如果是使用Statement对象的话大家可以使用:
用户名: 任意值 ’ or 1=1 –
密码: 任意值
进行破解登录,注意用户名中有一个单引号
大家连接SQL Server使用的jdbc驱动就自行下载了吧
下面就看看代码吧
第一部分:JavaBean代码(LoginBean.java)
package mybean;
public class LoginBean
{
private String loginName ; //用户名
private String loginPassword ; //密码
private String backNews ; //返回信息
private boolean success = false ; //判断登录是否成功
public LoginBean()
{
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getLoginPassword() {
return loginPassword;
}
public void setLoginPassword(String loginPassword) {
this.loginPassword = loginPassword;
}
public String getBackNews() {
return backNews;
}
public void setBackNews(String backNews) {
this.backNews = backNews;
}
public boolean isSuccess() {
return success;
}
public void setSuccess(boolean success) {
this.success = success;
}
}
第二部分:Servlet代码(LoginHandle.java)
package myservlet;
import java.io.IOException;
import java.sql.*;
import java.util.prefs.BackingStoreException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import mybean.LoginBean;
/**
* Servlet implementation class LoginHandle
*/
@WebServlet("/LoginHandle")
public class LoginHandle extends HttpServlet
{
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginHandle()
{
super();
// TODO Auto-generated constructor stub
}
/**
* @see Servlet#init(ServletConfig)
*/
public void init(ServletConfig config) throws ServletException
{
super.init(config);
//加载jdbc驱动程序
try
{
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
System.out.println("jdbc驱动程序加载成功");
}
catch( ClassNotFoundException e )
{
System.out.println("jdbc驱动程序加载失败:"+e);
}
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
//设置编码格式
request.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
response.setCharacterEncoding("utf-8");
//创建一个JavaBean对象
LoginBean loginBean = new LoginBean();
//将javabean对象保存到session对象中
HttpSession session = request.getSession();
session.setAttribute("loginBean", loginBean);
//获取表单中填写的用户登录信息
String loginName = request.getParameter("loginName");
String loginPassword = request.getParameter("loginPassword");
String backNews = "";
if( loginName == null || loginName.length() < 0 )
{
backNews += "用户名不得为空";
}
if( loginPassword == null || loginPassword.length() < 6 )
{
backNews += "\n密码长度须大于6";
}
try
{
Connection con = null ;
PreparedStatement preStmt = null;
ResultSet rs = null;
String user = "sa"; //数据库登录名
String pwd = "123456"; //数据库登录密码
String url = "jdbc:sqlserver://localhost:1433;DatabaseName=test";
//建立与数据库的连接
con = DriverManager.getConnection(url,user,pwd);
System.out.println("数据库连接成功");
//将用户填写的用户名和密码在users表中进行查询的语句
String loginCondition = "select * from users where userName = ? and password = ? ";
//创建数据库对象并进行预编译
preStmt = con.prepareStatement(loginCondition);
//对loginCondition进行赋值并查询
preStmt.setString(1, loginName);
preStmt.setString(2, loginPassword);
//执行查询语句
rs = preStmt.executeQuery();
//如果查询的记录不为空将在JavaBean中设置相应信息
if( rs.next() )
{
loginBean.setLoginName(loginName);
loginBean.setSuccess(true);
loginBean.setBackNews("登录成功");
}
else
{
loginBean.setBackNews("用户名或密码错误");
loginBean.setSuccess(false);
}
request.getRequestDispatcher("ShowLoginInfo.jsp").forward(request, response); //页面跳转
rs.close();
con.close();
preStmt.close();
}
catch( SQLException e )
{
System.out.println("登录失败:"+e);
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
// TODO Auto-generated method stub
doGet(request, response);
}
}
第三部分:jsp代码(Login.jsp)
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'Login.jsp' starting page</title>
<meta charset = "utf-8" />
</head>
<body align = "center">
<form action="LoginHandle" method = "post">
<table align = "center">
<tr>
<td>用户名:</td>
<td> <input type = "text" name = "loginName" size = "20" > </td>
</tr>
<tr>
<td> 密 码: </td>
<td> <input type = "password" name = "loginPassword" size = "20" maxlength = "18"> </td>
</tr>
<tr align = "center">
<td> <input type = "submit" value = "登录"/> </td>
</tr>
</table>
</form>
</body>
</html>