
JSP login with username and password reports that the account does not exist

Views: 10471   Published: 2013-02-25 21:11:56.0
JSP login with username and password reports that the account does not exist?
Password verification
Java code
<%@include file="dbsconn.jsp"%>
<%
    Statement st;
    st = conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
    String login_name = request.getParameter("login_name");
    String password = request.getParameter("password");
    String sql = "select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";
    ResultSet rs = st.executeQuery(sql);
    if (rs.getInt(0) != 0) response.sendRedirect("/main.jsp");
    else response.sendRedirect("login.jsp");

    session.setAttribute("grade", "");
    session.setAttribute("BranchID", "");
    session.setAttribute("NodeID", "");
    session.setAttribute("UserPrivate", "");
    session.setAttribute("UserId", "");
%>


dbsconn.jsp
Java code
<%@ page import="java.sql.*" %>
<%
Connection conn = null;
String driver = "com.microsoft.jdbc.sqlserver.SQLServerDriver";
//String driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
String url = "jdbc:microsoft:sqlserver://localhost:1433;databaseName=NetBank";
String name = "sa";
String pass = "123456";
// Connect to the database
try {
    System.out.println("***加载数据库驱动***");
    Class.forName(driver);
    System.out.println("***数据库驱动加载成功***");
    System.out.println("***连接数据库***");
    conn = DriverManager.getConnection(url, name, pass);
    System.out.println("***数据库连接成功***");
} catch (ClassNotFoundException ce) {
    System.out.println("找不到jar驱动包或者驱动连接字符出错!");
    ce.printStackTrace();
} catch (SQLException se) {
    System.out.println("SQL连接字符串出错!");
    se.printStackTrace();
} catch (Exception e) {
    e.printStackTrace();
}
%>


Errors shown by the compiler
***加载数据库驱动***
***数据库驱动加载成功***
***连接数据库***
***数据库连接成功***
2012-9-13 20:52:33 org.apache.catalina.core.StandardWrapperValve invoke
严重: Servlet.service() for servlet jsp threw exception
java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC][SQLServer]列名 'admin' 无效。


Error shown on the page:
org.apache.jasper.JasperException: An exception occurred processing JSP page /check_login.jsp at line 27

24: String login_name = request.getParameter("login_name");
25: String password=request.getParameter("password");
26: String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";
27: ResultSet rs=st.executeQuery(sql);
28: if(rs.getInt(0)!=0) response.sendRedirect("/main.jsp");
29: else response.sendRedirect("login.jsp");


------Solution--------------------------------------------------------
When assembling the SQL, you left out the single quotes:
String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";
It should be:
String sql="select count(*) from UserT where UserName like '" + login_name + "' and password like '" + password + "'";

By the way, a reminder: this approach has a SQL injection vulnerability.
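
The parameterized alternative to the concatenated query discussed above, as an added example that is not part of the original thread. `LoginCheck`, `concatenated` and `credentialsMatch` are hypothetical names, the table and column names come from the posted code, and the caller is assumed to supply an open `Connection`; the example also calls `rs.next()` and reads column 1, since JDBC column indexes start at 1.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    // The quoted-but-still-concatenated query from the thread, kept only to show the text it produces.
    static String concatenated(String loginName, String password) {
        return "select count(*) from UserT where UserName like '" + loginName
             + "' and password like '" + password + "'";
    }

    // Parameterized form: the SQL text is fixed and the values are bound separately,
    // so a quote in the input can never end a string literal.
    // "=" replaces "like" so that % and _ in the input are not treated as wildcards.
    static boolean credentialsMatch(Connection conn, String loginName, String password)
            throws SQLException {
        if (loginName == null || password == null) {
            return false; // request.getParameter() returns null for a missing field
        }
        String sql = "select count(*) from UserT where UserName = ? and password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, loginName);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // The cursor starts before the first row, and columns are 1-based.
                return rs.next() && rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a legitimate name that contains an apostrophe.
        String name = "O'Brien";
        String sql = concatenated(name, "secret");
        System.out.println(sql);
        // An odd number of single quotes means the input has changed the statement's structure.
        long quotes = sql.chars().filter(c -> c == '\'').count();
        System.out.println("single quotes in statement: " + quotes
                + (quotes % 2 == 0 ? " (balanced)" : " (unbalanced: input altered the SQL)"));
    }
}
```

In the JSP, `credentialsMatch(conn, login_name, password)` would replace the `createStatement`/`executeQuery` pair, with the redirect chosen from its return value.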
------Solution--------------------------------------------------------
Discussion

OP:

This SQL statement of yours: String sql="select count(*) from UserT where UserName like " + login_name + " and password like '" + password + "'";

After compilation, it should look like this:

select count(*) from UserT where UserName li……