使用JSP成功注册后，显示用户名和密码 [英] Show Username and Password after Successful registration using JSP

问题描述

如何在成功注册后显示的页面中显示用户名和密码.

How to show the Username and Password in the Page which I am displaying after successful Registration.

我为注册开发的代码如下

The code I developed for Registration is as follows

<%@page import="java.io.*,java.sql.*;" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Halcyon Technologies Pvt. Ltd.</title>
</head>
<body bgcolor="#D9EEFB">
    <p
      <% try
      {
       String Username;
       String Password;
       ResultSet rs;
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
       Connection con=DriverManager.getConnection("jdbc:odbc:OnlineExam");
       Statement st=con.createStatement();
       Statement st2=con.createStatement();
       Statement st3=con.createStatement();
       String status="s";
       st2.executeUpdate("insert into Login values('"+request.getParameter("username")+"','"
                                                     +request.getParameter("password")+"','"
                                                     +status+"')");
       st.executeUpdate("insert into Details values('"+request.getParameter("username")+"','"
                                                      +request.getParameter("name")+"','"
                                                      +request.getParameter("gender")+"','"
                                                      +request.getParameter("sel_cat")+"')");
       if(request.getParameter("sel_cat").equals("Experienced"))
       {
                  st3.executeUpdate("insert into Experienced values('"+request.getParameter("username")+"','"+request.getParameter("expyears")+"','"+request.getParameter("company")+"','"+request.getParameter("designation")+"','"+request.getParameter("salary")+"','"+request.getParameter("comAddress")+"')");
       }
        String s1 = request.getParameter("username");
        String s2 = request.getParameter("password");

        session.setAttribute("s1", s1);
        session.setAttribute("s2", s2);
        rs = st.executeQuery("select Username, Password from Login where Username='" + s1 + "'");

       if (rs.next()) 
        {
            Username=rs.getString(1);
            Password=rs.getString(2);
            System.out.println(Username);
            System.out.println(Password);
        }
       st.close();
       st2.close();
       st3.close();
       }

       catch(Exception e)
               {
           out.println(e);
               }
%>
  <font color="red" size="5"> You have registered successfully!!!<br></font>
  <font color="red" size="5"> Username :  <br></font>
  <font color="red" size="5"> Password :  <br></font>
  <p><a href="Login.jsp"><strong>Go Forward</strong></a></p>
</body>
</html>

我可以在控制台上获取用户名和密码，但是如何在JSP上显示它们.

I could able to get the Username and Password on console, but how to display them on JSP.

要在控制台上显示的代码是

The code here to display on console is

if (rs.next()) 
        {
            Username=rs.getString(1);
            Password=rs.getString(2);
            System.out.println(Username);
            System.out.println(Password);
        }

下面显示JSP的代码.在此JSP中，我要显示用户名"和密码".

The code to display JSP is below. In this JSP i want to display Username and Password.

 <font color="red" size="5"> You have registered successfully!!!<br></font>
  <font color="red" size="5"> Username :  <br></font>
  <font color="red" size="5"> Password :  <br></font>
  <p><a href="Login.jsp"><strong>Go Forward</strong></a></p>

如何编写代码以在JSP中显示用户名和密码?

How to code to display Username and Password in JSP?

推荐答案

这不是有效的SQL查询:

This is not a valid SQL query:

"select Username and  Password from Login where Username='" + c1 +"'"

应该是:

"select Username, Password from Login where Username='" + c1 +"'"

但是，您应该使用PreparedStatement而不是简单的语句，因为当前的SQL非常适合 SQL注入攻击:想一想如果变量c1具有值:' or '1'='1(这是这种攻击的典型且最基本的示例)，查询将给出什么样的结果.

However, you should use PreparedStatement instead of simple statements as your current SQL is very good candidate for a SQL Injection attack: Just think what kind of results the query would give if the variable c1 has the value: ' or '1'='1 (this is the typical and most basic example for this kind of attack).

要更正它，请执行以下操作:

To correct it do something like:

PreparedStatement st = con.prepareStatement("select Username, Password from Login where Username=?");
st.setString(1, c1);
ResultSet rs = st.executeQuery();

其他备注:

• 永远不要以纯文本格式存储密码，您应该对它们进行哈希处理，那里有很多用于加密和验证密码的工具.
• 尝试对变量/属性/etc使用有意义的名称，否则代码最终将无法读取.使用名为username的变量比c1好得多，并且可以帮助其他人理解您的代码在做什么.

• Never store passwords in plain text, you should hash them, there are a lot of tools out there to encrypt and verify passwords.
• Try to use significative names for your variables/attributes/etc or you code will end up being impossible to read. Using a variable named username is way much better than c1 and would help others understand what your code is doing.

这篇关于使用JSP成功注册后，显示用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！