Serlvet学习笔记之三—数据库的操作

java.sql.*; import java.io.*; import javax.servlet.http.*; public class Logincl extends HttpServlet{ public void doGet(HttpServletRequest req,HttpServletResponse res){ Connection ct=null; Statement sm=null; ResultSet rs=null; try { String u=req.getParameter("username"); String p=req.getParameter("passwd"); //连接Oracle数据库 Class.forName("oracle.jdbc.driver.OracleDriver").newInstance(); ct=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:mydev","dev1","dev1"); sm=ct.createStatement(); rs=sm.executeQuery("select passwd from users where username=‘"+u+"‘"); //注入漏洞("select * from users where username=‘"+u+"‘ and passwd=‘"+p+"‘ or 1=‘"+1+"‘"); if(rs.next()){ String dbPasswd=rs.getString(1); if(dbPasswd.equals(p)){ res.sendRedirect("welcome"); } }else { res.sendRedirect("login"); //跳转的URL } } catch (Exception e) { e.printStackTrace(); }finally{　　　　　　　　　　　　　　　　　//关闭数据库资源 try { if(rs!=null){ rs.close(); } if(sm!=null){ sm.close(); } if(ct!=null){ ct.close(); } } catch (Exception ce) { ce.printStackTrace(); } } } public void doPost(HttpServletRequest req,HttpServletResponse res){ this.doGet(req, res); } }

 

Serlvet学习笔记之三—数据库的操作

标签：