请教jsp问题高手留步
我做一个jsp登录页,但不知什么原因出错,高手给条明路代码如下:
<%
String user=new String(request.getParameter("user").getBytes("ISO-8859-1"));
String pass=new String(request.getParameter("pass").getBytes("ISO-8859-1"));
Connection conn;
Statement sql;
ResultSet rs;
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
}
catch(ClassNotFoundException e){}
try
{
conn=DriverManager.getConnection("jdbc:odbc:aa","","");
sql=conn.createStatement();
rs=sql.executeQuery("SELECT * FORM username WHERE username="+user+"password="+pass);
if(rs.next())
{
if(user.equals("user")&&pass.equals("password"))
{
response.sendRedirect("index.jsp");
}
else
{
out.print("您的密码或者用户名有误,请从新登录");
}
}
conn.close();
}
catch(SQLException e1){}
%>
搜索更多相关主题的帖子:
jsp quot String
----------------解决方案--------------------------------------------------------
SELECT * FORM username WHERE username='"+user+"' password='"+pass+"'
----------------解决方案--------------------------------------------------------
rs=sql.executeQuery("SELECT * FORM username WHERE username="+user+"password="+pass); ?? "FORM",应该是"FROM"吧!
----------------解决方案--------------------------------------------------------
回复 3# 的帖子
他的这个from差点把我气死!!! ----------------解决方案--------------------------------------------------------
呵呵,LZ那么不小心,像LZ的例子最好不要用Statement,用prapraedstate
----------------解决方案--------------------------------------------------------
SELECT * FroM username WHERE username='"+user+"' and password='"+pass+"'
----------------解决方案--------------------------------------------------------