1.JS验证拦截
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Context path of this web application, as reported by the container.
String path = request.getContextPath();
// Absolute base URL (scheme://host:port/context/) that is written into the
// <base href> element further down the page.
// NOTE(review): getServerName() normally reflects the client-supplied Host
// header, and the value is emitted into the markup without HTML escaping.
// Consider building the base URL from a configured host name, or encoding it
// before output, so a forged Host header cannot influence how relative links
// on the login page resolve.
String basePath = request.getScheme() + "://"
+ request.getServerName() + ":" + request.getServerPort()
+ path + "/";
%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>"> <title>Login</title> <meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<script>
// 用户名,密码验证
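/**
 * Client-side pre-check of the login form fields.
 *
 * Returns true only when BOTH the user name and the password consist of
 * 4 to 6 ASCII letters or digits. Otherwise it shows an alert and returns
 * false, which makes the form's onsubmit handler cancel the submission.
 *
 * This check runs in the browser and is a usability aid, not a security
 * control: a request sent straight to the server never executes it, so the
 * server has to validate the same fields again and bind them as query
 * parameters.
 *
 * @returns {boolean} true when both fields pass the allow-list pattern.
 */
function checkInput() {
  var vUserName = document.getElementById("UserName").value;
  var vPwd = document.getElementById("Pwd").value;
  // Allow-list: the whole value must be 4-6 characters from [a-zA-Z0-9].
  var regExp = /^[a-zA-Z0-9]{4,6}$/;

  // Both fields must match. The previous "||" accepted the form as soon as
  // one field was well-formed, so the other field was never checked at all.
  if (regExp.test(vUserName) && regExp.test(vPwd)) {
    return true;
  }

  alert("用户名或密码不正确");
  return false;
}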
</script>
</head> <body>
<form method="POST" action="servlet/Login"
onsubmit="return checkInput()">
用户名: <input type="text" name="UserName" id="UserName" value="">
<BR> 密 码: <input type="password" name="Pwd" id="Pwd"> <BR>
<input type="submit">
</form>
</body>
</html>
2.使用PreparedStatement
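/**
 * Checks a user name / password pair against the USER table.
 *
 * <p>Both values are bound as statement parameters, so they are never
 * concatenated into the SQL text. The statement and its result set are closed
 * on every path, including when the query throws.
 *
 * @param myName user name as submitted by the client
 * @param pwd password as submitted by the client
 * @return {@code true} when a row matches both values; {@code false} when no
 *     row matches or the query fails
 */
static boolean doLogin(String myName, String pwd) {
    // NOTE(review): matching Pwd inside the query implies the column holds the
    // password in a directly comparable form (plaintext?) - confirm. Prefer a
    // salted password hash (bcrypt/scrypt/argon2): select it by UserName and
    // verify it in application code.
    final String sql = "SELECT Pwd FROM [USER] WHERE UserName = ? AND Pwd = ?";

    try (PreparedStatement psta = con.prepareStatement(sql)) {
        psta.setString(1, myName);
        // Second placeholder. The original bound pwd to index 1 as well, which
        // overwrote the user name and left parameter 2 unset.
        psta.setString(2, pwd);

        try (ResultSet ret = psta.executeQuery()) {
            return ret.next();
        }
    } catch (SQLException e) {
        // Fail closed: a database error must never be treated as a login.
        // NOTE(review): route this through the application's logger rather
        // than stderr if one is available.
        e.printStackTrace();
        return false;
    }
}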