使用JSP成功注册后,显示用户名和密码 [英] Show Username and Password after Successful registration using JSP
问题描述
如何在成功注册后显示的页面中显示用户名和密码.
How to show the Username and Password in the Page which I am displaying after successful Registration.
我为注册开发的代码如下
The code I developed for Registration is as follows
<%@page import="java.io.*,java.sql.*;" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Halcyon Technologies Pvt. Ltd.</title>
</head>
<body bgcolor="#D9EEFB">
<p
<% try
{
String Username;
String Password;
ResultSet rs;
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:OnlineExam");
Statement st=con.createStatement();
Statement st2=con.createStatement();
Statement st3=con.createStatement();
String status="s";
st2.executeUpdate("insert into Login values('"+request.getParameter("username")+"','"
+request.getParameter("password")+"','"
+status+"')");
st.executeUpdate("insert into Details values('"+request.getParameter("username")+"','"
+request.getParameter("name")+"','"
+request.getParameter("gender")+"','"
+request.getParameter("sel_cat")+"')");
if(request.getParameter("sel_cat").equals("Experienced"))
{
st3.executeUpdate("insert into Experienced values('"+request.getParameter("username")+"','"+request.getParameter("expyears")+"','"+request.getParameter("company")+"','"+request.getParameter("designation")+"','"+request.getParameter("salary")+"','"+request.getParameter("comAddress")+"')");
}
String s1 = request.getParameter("username");
String s2 = request.getParameter("password");
session.setAttribute("s1", s1);
session.setAttribute("s2", s2);
rs = st.executeQuery("select Username, Password from Login where Username='" + s1 + "'");
if (rs.next())
{
Username=rs.getString(1);
Password=rs.getString(2);
System.out.println(Username);
System.out.println(Password);
}
st.close();
st2.close();
st3.close();
}
catch(Exception e)
{
out.println(e);
}
%>
<font color="red" size="5"> You have registered successfully!!!<br></font>
<font color="red" size="5"> Username : <br></font>
<font color="red" size="5"> Password : <br></font>
<p><a href="Login.jsp"><strong>Go Forward</strong></a></p>
</body>
</html>
我可以在控制台上获取用户名和密码,但是如何在JSP上显示它们.
I could able to get the Username and Password on console, but how to display them on JSP.
要在控制台上显示的代码是
The code here to display on console is
if (rs.next())
{
Username=rs.getString(1);
Password=rs.getString(2);
System.out.println(Username);
System.out.println(Password);
}
下面显示JSP的代码.在此JSP中,我要显示用户名"和密码".
The code to display JSP is below. In this JSP i want to display Username and Password.
<font color="red" size="5"> You have registered successfully!!!<br></font>
<font color="red" size="5"> Username : <br></font>
<font color="red" size="5"> Password : <br></font>
<p><a href="Login.jsp"><strong>Go Forward</strong></a></p>
如何编写代码以在JSP中显示用户名和密码?
How to code to display Username and Password in JSP?
推荐答案
这不是有效的SQL查询:
This is not a valid SQL query:
"select Username and Password from Login where Username='" + c1 +"'"
应该是:
"select Username, Password from Login where Username='" + c1 +"'"
但是,您应该使用PreparedStatement
而不是简单的语句,因为当前的SQL非常适合 SQL注入攻击:想一想如果变量c1
具有值:' or '1'='1
(这是这种攻击的典型且最基本的示例),查询将给出什么样的结果.
However, you should use PreparedStatement
instead of simple statements as your current SQL is very good candidate for a SQL Injection attack: Just think what kind of results the query would give if the variable c1
has the value: ' or '1'='1
(this is the typical and most basic example for this kind of attack).
要更正它,请执行以下操作:
To correct it do something like:
PreparedStatement st = con.prepareStatement("select Username, Password from Login where Username=?");
st.setString(1, c1);
ResultSet rs = st.executeQuery();
其他备注:
- 永远不要以纯文本格式存储密码,您应该对它们进行哈希处理,那里有很多用于加密和验证密码的工具.
- 尝试对变量/属性/etc使用有意义的名称,否则代码最终将无法读取.使用名为
username
的变量比c1
好得多,并且可以帮助其他人理解您的代码在做什么.
- Never store passwords in plain text, you should hash them, there are a lot of tools out there to encrypt and verify passwords.
- Try to use significative names for your variables/attributes/etc or you code will end up being impossible to read. Using a variable named
username
is way much better thanc1
and would help others understand what your code is doing.
这篇关于使用JSP成功注册后,显示用户名和密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!