本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下：

Login.java代码如下：

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Login extends HttpServlet{

public void doGet(HttpServletRequest req,HttpServletResponse res){

try{req.setCharacterEncoding("gb2312");

res.setContentType("text/html;charset=gb2312");

PrintWriter pw=res.getWriter();

pw.println("<html>");

pw.println("<body>");

pw.println("<h1>登陆界面</h1>");

pw.println("<form action=logincl method=post>");

pw.println("用户名:<input type=text name=username><br>");

pw.println("密码:<input type=password name=passwd><br>");

pw.println("<input type=submit value=login><br>");

pw.println("</form>");

pw.println("</body>");

pw.println("</html>");

}

catch(Exception e){

e.printStackTrace();

}

}

public void doPost(HttpServletRequest req,HttpServletResponse res){

this.doGet(req,res);

}

}

LoginCl.java代码如下：

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

import java.sql.*;

public class LoginCl extends HttpServlet{

public void doGet(HttpServletRequest req,HttpServletResponse res){

Connection conn=null;

Statement stmt=null;

ResultSet rs=null;

String sql = "select username,passwd from users where username = ? and passwd = ";

try{//req.setCharacterEncoding("gb2312");

String user=req.getParameter("username");

String password=req.getParameter("passwd");

Class.forName("com.mysql.jdbc.Driver");

conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb","root","root");

// stmt=conn.createStatement();

PreparedStatement pstmt = conn.prepareStatement(sql);

pstmt.setString(1, user);

pstmt.setString(2, password);

rs = pstmt.executeQuery();

// rs=stmt.executeQuery("select top 1 * from users where username='"+user

// +"' and passwd='"+password+"'");

if(rs.next())

{

HttpSession hs=req.getSession(true);

hs.setMaxInactiveInterval(60);

hs.setAttribute("name",user);

res.sendRedirect("welcome"&upass="+password);

}

else{

res.sendRedirect("login"); //url

}

}

catch(Exception e){

e.printStackTrace();

}finally{

try{

if(rs!=null){

rs.close();

}

if(stmt!=null){

stmt.close();

}

if(conn!=null){

conn.close();

}

}catch(Exception e){

e.printStackTrace();

}

}

}

public void doPost(HttpServletRequest req,HttpServletResponse res){

this.doGet(req,res);

}

}

其实上面这个处理用户名密码带有明显注入漏洞，可以根据用户名从数据库取密码，用取出的密码和用户输入的密码比较

复制代码 代码如下:

sql=select passwd from users where username = ? limit 1

if(rs.next())

{

String passwd=rs.getString(1);

if(passwd.equals(password))

//密码正确

else //密码错误

}

Welcome.java代码如下：

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Welcome extends HttpServlet{

public void doGet(HttpServletRequest req,HttpServletResponse res){

HttpSession hs=req.getSession();

String val=(String)hs.getAttribute("pass");

if(val==null){

try{

System.out.print(1);

res.sendRedirect("login");

}catch(Exception e){

e.printStackTrace();

}

}

String u=req.getParameter("uname");

String p=req.getParameter("upass");

try{//req.setCharacterEncoding("gb2312");

PrintWriter pw=res.getWriter();

pw.println("welcome! "+u+"&pass="+p);

}

catch(Exception e){

e.printStackTrace();

}

}

public void doPost(HttpServletRequest req,HttpServletResponse res){

this.doGet(req,res);

}

}

希望本文所述对大家的Java程序设计有所帮助。