A. jsp\java如何编写过滤器过滤特殊字符
正则表达式来校验:过滤器就网络一大堆,怎么写正则表达式,也可以网络,不知你说的特殊字符是什么字符,所以只能给方法
B. jsp怎样写防sql注入。就是注册的时候不能输入<input type="">这样的东西
public static String asHTML(String text) { if (text == null) return ""; StringBuffer results = null; char[] orig = null; int beg = 0, len = text.length(); for (int i = 0; i < len; ++i) { char c = text.charAt(i); switch (c) { case 0: case '&': case '<': case '>': case '"': if (results == null) { orig = text.toCharArray(); results = new StringBuffer(len + 10); } if (i > beg) results.append(orig, beg, i - beg); beg = i + 1; switch (c) { default: // case 0: continue; case '&': results.append("&"); break; case '<': results.append(">"); break; case '>': results.append("<"); break; case '"': results.append("\""); break; } break; } } if (results == null) return text; results.append(orig, beg, len - beg); return results.toString(); } 将特殊的符号都替换掉就可以了也可以判断有特殊符号就不让提交
C. 在JSP中如何利用过滤器实现从SQL表中登录
jsp中实现过滤器登录的方法是配置filter:
在servlet中实现代码如下:
HttpSession
session
=
request.getSession(false);
User
user
=
(session
!=
null)
?
session.getAttribute("user")
:
null;
if
(user
!=
null)
{
chain.doFilter(request,
response);
}
else
{
response.sendRedirect(request.getContextPath()
+
"/login");
}
jsp页面提交后到验证servlet:
String
username
=
request.getParameter("username");
String
password
=
request.getParameter("password");
Map<String,
String>
messages
=
new
HashMap<String,
String>();
if
(username
==
null
||
username.isEmpty())
{
messages.put("username",
"Please
enter
username");
}
if
(password
==
null
||
password.isEmpty())
{
messages.put("password",
"Please
enter
password");
}
if
(messages.isEmpty())
{
User
user
=
userService.find(username,
password);
if
(user
!=
null)
{
request.getSession().setAttribute("user",
user);
response.sendRedirect(request.getContextPath()
+
"/home");
return;
}
else
{
messages.put("login",
"Unknown
login,
please
try
again");
}
}
request.setAttribute("messages",
messages);
request.getRequestDispatcher("/WEB-INF/login.jsp").forward(request,
response);