在程序中获得意外的输出
这是代码:
String sql_1 = "select emp_id,password from regid"; ResultSet rs = st.executeQuery(sql_1); while(rs.next()) { if(((employee.equals(rs.getString("emp_id"))) && (password.equals(rs.getString("password"))))==true) { // String sql2="update regid set regid='"+Datastore.regIds.add(regId)+"' where emp_id='"+employee+"'"; // st.executeUpdate(sql2); System.out.println("2> Employee Id : "+employee+" && Password : "+password); System.out.println("3> This employee "+employee+" exsists in the database and registration-password id will be Updated"); // resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html"); PrintWriter out = resp.getWriter(); out.print(""); out.print(""); out.print("Policy Page "); out.print(""); out.print(""); String status = (String) req.getAttribute(ATTRIBUTE_STATUS); if (status != null) { out.print("Status :"+status); } List devices = Datastore.getDevices(); if (devices.isEmpty()) { out.print("No devices registered!
"); } else { out.print("" + devices.size() + " device(s) registered!
"); out.print(""); // System.out.println(HTTP_STATUS); System.out.println(HttpServletResponse.SC_OK); getServletContext().getRequestDispatcher("/home").forward(req, resp); } out.print(""); resp.setStatus(HttpServletResponse.SC_OK); } else { resp.setStatus(HttpServletResponse.SC_BAD_REQUEST); System.out.println(HttpServletResponse.SC_BAD_REQUEST); System.out.println("4> This employee "+employee+" does not exsist in the database"); } } // rs.close(); }
但是我得到了输出,但我正在输入正确的emp_id和密码(仍然显示4> + java.lang.illegalstateexception(不知道为什么?? :()):
1> Employee : P1 && Password : ppp 400 4> This employee P1 does not exsist in the database 2> Employee Id : P1 && Password : ppp 3> This employee P1 exsists in the database and registration-password id will be Updated 400 4> This employee P1 does not exsist in the database
任何想法……为什么会这样?
它正在发生,因为你的算法包括:
- 通过所有员工进行迭代
- 如果员工匹配ID /密码,请打印2>,否则打印4>
因此,您将为匹配的一个输出2>, 3>
输出,而其他所有输出将为您提供错误400。
相反,您可以遍历所有员工(尽管最好为SQL添加标准以缩小密码和员工ID的结果集),除非您已经用完所有结果,否则不输出错误找不到匹配的。
PreparedStatement stmt = null; try { stmt = new PreparedStatement("select * from regis where emp_id=? and password=?"); stmt.setString(1, employee); stmt.setString(2, password); ResultSet rs = stmt.executeQuery(); if(rs.next()) { System.out.println("2> Employee Id : "+employee+" && Password : "+password); System.out.println("3> This employee "+employee+" exsists in the database and resp.setContentType("text/html"); PrintWriter out = resp.getWriter(); out.print(""); out.print(""); out.print("Policy Page "); out.print(""); out.print(""); String status = (String) req.getAttribute(ATTRIBUTE_STATUS); if (status != null) { out.print("Status :"+status); } List devices = Datastore.getDevices(); if (devices.isEmpty()) { out.print("No devices registered!
"); } else { out.print("" + devices.size() + " device(s) registered!
"); out.print(""); // System.out.println(HTTP_STATUS); System.out.println(HttpServletResponse.SC_OK); getServletContext().getRequestDispatcher("/home").forward(req, resp); } out.print(" "); resp.setStatus(HttpServletResponse.SC_OK); } else { resp.setStatus(HttpServletResponse.SC_BAD_REQUEST); System.out.println(HttpServletResponse.SC_BAD_REQUEST); System.out.println("4> This employee "+employee+" does not exsist in the database"); } } catch(Exception e) { e.printStackTrace(); } finally { try { stmt.close(); } catch(Exception x) {} }
你的缩进没有帮助你。 您正在遍历所有员工,并比较每个员工的用户名和密码 – 所以有时您会得到匹配,有时您不会。
此代码存在多个问题:
- 如果您只查找一个结果,请不要向数据库询问所有行! 您应该传递查询参数并在数据库中进行过滤。 然后,您可以通过查看结果中是否有任何行来确定您是否匹配。
- 你的缩进很难看出发生了什么
-
您正在使用大量不必要的括号并与
true
进行比较,例如if(((employee.equals(rs.getString("emp_id"))) && (password.equals(rs.getString("password"))))==true)
会更好的
if(employee.equals(rs.getString("emp_id") && password.equals(rs.getString("password"))
-
您似乎使用纯文本密码。 不要这样做。