我想从数据库中检索用户名,但它给出了空白页面。我的代码有什么问题?
<html>
<head>
<title>verification</title>
</head>
<body>
<%@ page import = "java.io.*" %>
<%@ page import = "java.sql.*" %>
<%@ page import = "java.lang.*" %>
<%
String eid = request.getParameter("eid");
String Pwd = request.getParameter("Pwd");
String db_username = "root";
String db_password = "sarat";
String db_url = "jdbc:mysql://localhost/empdb";
String Driver = "com.mysql.jdbc.Driver";
try
{
Class.forName(Driver);
Connection con = DriverManager.getConnection(db_url,db_username,db_password);
Statement st = con.createStatement();
String sql = "select username from user where userid = 'eid' and password = 'Pwd' ";
ResultSet rs = st.executeQuery(sql);
while(rs.next())
{
out.println(rs.getString(1));
out.println("<br/>");
}
st.close ();
con.close();
}
catch(Exception e)
{
out.println(e);
e.printStackTrace();
}
%>
</body>
</html>
最佳答案
尝试:
String sql = "从用户中选择用户名,其中 userid = '"+eid+"' 且密码 = '"+Pwd+"' ";
但您还需要阅读 little Bobby Tables以及他的 SQL 注入(inject)攻击。
关于java - jsp编程,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3518450/