<%
    //获取用户名
    String sUserName = request.getParameter ( "txtUserName" );
    if ( sUserName == "" || sUserName == null || sUserName.length()>20 )
    {
     try
     {
      response.sendRedirect ( "login.html" );
     } catch ( Exception e )
     {
     }
    }

    //获取密码
    String sPasswd = request.getParameter ( "txtPassword" );
    if ( sPasswd == "" || sPasswd == null || sPasswd.length()>20 )
    {
     try
     {
      response.sendRedirect ( "login.html" );
     } catch ( Exception e )
     {
     }
    }

    //登记JDBC驱动程序
    Class.forName ( "org.gjt.mm.mysql.Driver" ).newInstance ( );
    //连接参数与Access不同
    String url = "jdbc:mysql://localhost/LearnJSP";
    //建立连接
    Connection connection = DriverManager.getConnection ( url, "root",
      "011124" );
    //SQL语句
    String sql = "select * from userinfo where username='" + sUserName
      + "' and userpwd = '" + sPasswd + "'";

    Statement stmt = connection.createStatement ( );
    ResultSet rs = stmt.executeQuery ( sql ); //返回查询结果

    //如果记录集非空，表明有匹配的用户名和密码，登陆成功
    if ( rs.next ( ) )
    {
     //登录成功后将sUserName设置为session变量的UserName
     //这样在后面就可以通过 session.getAttribute("UserName") 来获取用户名，
     //同时这样还可以作为用户登录与否的判断依据
     session.setAttribute ( "UserName", sUserName );
     out.print (  "登录成功！" );
     out.print ( session.getAttribute ( "UserName" ) + " 欢迎您！" );
    } else
    //否则登录失败
    {
     out.println ( "用户名不存在或密码错误！" );
    }

    rs.close ( );
    stmt.close ( );
    connection.close ( );
   %>

 

数据库中所有表的字段长度的设计标准是应该是足够用,但不浪费存储空间.
我们可以发现,上面数据库中字段限制在20个字符以内,那么程序中也应该作一个限制,
否则可能给网站出现严重的问题.
将上面源码修改如下:
    .....
           size="20" maxlength="20"
       onfocus="if(this.value=='Your name')this.value='';">
密码：
             size="20" maxlength="20"
       onfocus="if(this.value=='Your password')this.value='';">

    .....

    .....
    if ( sUserName == "" || sUserName == null || sUserName.length()>20 )
    ....
    if ( sPasswd == "" || sPasswd == null || sPasswd.length()>20 )
    ......

这样问题就彻底解决了.