日期:2014-05-18  浏览次数:20678 次

怎样从数据库里读出相应的数据以验证客户输入的名字和密码是否正确?求教。
文件如下:
<%@page   contentType= "text/html;charset=GBK "%>
<%@page   import= "java.sql.* "%>
<%@page   import= "jspdes.* "%>
<jsp:useBean   id= "userNow "   class= "jspdes.UserBean "   scope= "session "   > </jsp:useBean>
<jsp:setProperty   name= "userNow "   property= "* "> </jsp:setProperty>
<%
   
    Connection   con   =   null;
    try   {
        con   =   DBConnection.getConnection();
        PreparedStatement   pStat   =   con.prepareStatement( "select   *   from   T_USER   where   PASSWORD   =   ?   USER_NAME=? ");
        pStat.setString(1,   userNow.getPassword());
        pStat.setString(1,   userNow.getUserName());
        ResultSet   rs   =   pStat.executeQuery();
        if   (rs.next())   {
            userNow.setUserName(rs.getString(2));
            session.setAttribute( "ses_bean0 ",   userNow);
%>
<jsp:forward   page= "allUser.jsp "> </jsp:forward>
<%}   else   {%>
<jsp:forward   page= "fail.jsp "> </jsp:forward>
<%
    }}   catch   (Exception   e)   {
        e.printStackTrace();
    }
%>

要判断从前面传过来的用户名和密码是否正确,我用了一个PreparedStatement模糊查询,

PreparedStatement   pStat   =   con.prepareStatement( "select   *   from   T_USER   where   PASSWORD   =   ?   USER_NAME=? ");
        pStat.setString(1,   userNow.getPassword());
        pStat.setString(1,   userNow.getUserName());//其中userNow   是一个javaBeans的事例,这三句话对吗?我试了试,这个文件既不向allUser.jsp跳转,也不向fail.jsp跳转,PreparedStatement   pStat   =   con.prepareStatement()这个模糊查询该怎么用呢?

------解决方案--------------------
pStat.setString(1, userNow.getPassword());
pStat.setString(1, userNow.getUserName());
你把两个值都赋给了第一个占位符,所以出错了,应该是这样吧
pStat.setString(1, userNow.getPassword());
pStat.setString(2, userNow.getUserName());

------解决方案--------------------
pStat.setString(1, userNow.getPassword());
pStat.setString(2, userNow.getUserName()); <-----1改成2
因为第二个问号才是user_name
------解决方案--------------------
PreparedStatement pStat = con.prepareStatement( "select * from T_USER where PASSWORD = ? USER_NAME=? ");
pStat.setString(1, userNow.getPassword());
pStat.setString(1, userNow.getUserName());

sql语句写错了,少了个and
select * from T_USER where PASSWORD = ? and USER_NAME=?
其次,setString,应该是
pStat.setString(1, userNow.getPassword());
pStat.setString(2, userNow.getUserName());