From 1ea3982d91440668037fb0eb1cf2c5dcec04f20e Mon Sep 17 00:00:00 2001
From: Siryuanshao
Date: Mon, 14 Jan 2019 03:07:42 +0800
Subject: [PATCH] Servlet code
---
Servlet/WeChat/AddCart.java | 20 +++++++++
Servlet/WeChat/Address.java | 20 +++++++++
Servlet/WeChat/Authentication.java | 12 +++++
Servlet/WeChat/BookInfo.java | 45 +++++++++++++++++++
Servlet/WeChat/Buy.java | 20 +++++++++
Servlet/WeChat/CheckOrders.java | 39 ++++++++++++++++
Servlet/WeChat/Classify.java | 40 +++++++++++++++++
Servlet/WeChat/ExecuteUpd.java | 22 +++++++++
Servlet/WeChat/GetFrontInfo.java | 29 ++++++++++++
Servlet/WeChat/GetJson.java | 38 ++++++++++++++++
Servlet/WeChat/LoginDatabase.java | 72 ++++++++++++++++++++++++++++++
Servlet/WeChat/ModifyStatus.java | 35 +++++++++++++++
Servlet/WeChat/PersonInfo.java | 5 +++
Servlet/WeChat/sqlfilter.java | 27 +++++++++++
14 files changed, 424 insertions(+)
create mode 100644 Servlet/WeChat/AddCart.java
create mode 100644 Servlet/WeChat/Address.java
create mode 100644 Servlet/WeChat/Authentication.java
create mode 100644 Servlet/WeChat/BookInfo.java
create mode 100644 Servlet/WeChat/Buy.java
create mode 100644 Servlet/WeChat/CheckOrders.java
create mode 100644 Servlet/WeChat/Classify.java
create mode 100644 Servlet/WeChat/ExecuteUpd.java
create mode 100644 Servlet/WeChat/GetFrontInfo.java
create mode 100644 Servlet/WeChat/GetJson.java
create mode 100644 Servlet/WeChat/LoginDatabase.java
create mode 100644 Servlet/WeChat/ModifyStatus.java
create mode 100644 Servlet/WeChat/PersonInfo.java
create mode 100644 Servlet/WeChat/sqlfilter.java
diff --git a/Servlet/WeChat/AddCart.java b/Servlet/WeChat/AddCart.java
new file mode 100644
index 0000000..fdbb0fa
--- /dev/null
+++ b/Servlet/WeChat/AddCart.java
@@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个页面的作用是把清单加入永久的购物车中, 以及由购物车变成以及购买的状态
+@WebServlet(name = "Servlet")
+public class AddCart extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+}
diff --git a/Servlet/WeChat/Address.java b/Servlet/WeChat/Address.java
new file mode 100644
index 0000000..0777310
--- /dev/null
+++ b/Servlet/WeChat/Address.java
@@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个界面的作用是对于该用户的地址进行管理
+@WebServlet(name = "Address")
+public class Address extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+}
diff --git a/Servlet/WeChat/Authentication.java b/Servlet/WeChat/Authentication.java
new file mode 100644
index 0000000..6d304e7
--- /dev/null
+++ b/Servlet/WeChat/Authentication.java
@@ -0,0 +1,12 @@
+package WeChat;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+public class Authentication {
+ // 用cookie验证用户身份
+ public static boolean islegal(HttpServletRequest request){
+ return true;
+ }
+}
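Review bot: `Authentication.islegal` in Authentication.java returns `true` for every request, so each servlet in this patch that guards its body with it (BookInfo, CheckOrders, Classify, GetFrontInfo, ModifyStatus) is reachable without any authentication. The comment says identity is to be verified from a cookie, but `Cookie` and `HttpSession` are imported and never used. Until the real check exists the stub should fail closed with `return false;` and carry a comment such as `// TODO: validate the session here; fail closed until implemented`.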
diff --git a/Servlet/WeChat/BookInfo.java b/Servlet/WeChat/BookInfo.java
new file mode 100644
index 0000000..d89aeab
--- /dev/null
+++ b/Servlet/WeChat/BookInfo.java
@@ -0,0 +1,45 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能,根据用户所需要返回所有该类别的图书
+@WebServlet(name = "BookInfo", urlPatterns = {"/BookInfo.do"}, loadOnStartup = 2)
+public class BookInfo extends HttpServlet {
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ if (Authentication.islegal(request)) {
+ String bookid = request.getParameter("bookid");
+ String fuzzy = request.getParameter("fuzzy");
+ String bookname = request.getParameter("bookname");
+ boolean isfuzzy = false;
+ if(fuzzy != null && fuzzy.equals("true") && bookname != null) isfuzzy = true;
+ // 防止sql注入
+ if (isfuzzy || (bookid != null && sqlfilter.islegal(bookid))) {
+ String sql = "";
+ if(!isfuzzy) sql = "select * from Book where BookId = " + bookid;
+ else sql = "select * from Book where BookName like '"+bookname+"%'";
+ System.err.println(sql);
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookId");
+ names.put("BookName","BookName");
+ names.put("Author","Author");
+ names.put("Price","Price");
+ names.put("Introduce","Introduce");
+ names.put("Type","Type");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ doPost(request,response);
+ }
+}
diff --git a/Servlet/WeChat/Buy.java b/Servlet/WeChat/Buy.java
new file mode 100644
index 0000000..7941b3d
--- /dev/null
+++ b/Servlet/WeChat/Buy.java
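Review bot: In BookInfo.doPost the fuzzy branch concatenates the `bookname` request parameter straight into `select * from Book where BookName like '...%'`, and the guard `isfuzzy || (bookid != null && sqlfilter.islegal(bookid))` short-circuits, so no validation at all is applied to it; this is SQL injection on an endpoint that also answers GET. Bind the value instead of concatenating it: the query text becomes `select * from Book where BookName like ?` with `bookname + "%"` set through a `PreparedStatement`, which means `GetJson.Getinfo` needs a variant that accepts bind parameters. `System.err.println(sql)` also copies the request-influenced statement into the server log and should be removed or moved behind a debug logger.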
@@ -0,0 +1,20 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+// 这个就是表示用户下单
+@WebServlet(name = "Buy")
+public class Buy extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ }
+}
diff --git a/Servlet/WeChat/CheckOrders.java b/Servlet/WeChat/CheckOrders.java
new file mode 100644
index 0000000..ed6e888
--- /dev/null
+++ b/Servlet/WeChat/CheckOrders.java
@@ -0,0 +1,39 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 检查该用户的订单
+@WebServlet(name = "CheckOrders", urlPatterns = {"/CheckOrders.do"}, loadOnStartup = 2)
+public class CheckOrders extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if(Authentication.islegal(request)){
+ String UserID = request.getParameter("UserID");
+ String Statuetype = request.getParameter("status");
+ // 防止sql注入
+ if(UserID != null && sqlfilter.islegal(UserID)) {
+ String sql = "select MessageID,Book.BookID,UserName,BookName,'tel-phone',Address from User join Ordered on User.UserID = Ordered.UserID join Address on " + + "Address.UserId = Ordered.UserID and Address.MessageID = Ordered.MessageID join Book on Ordered.BookID = Book.BookID where User.UserID = " + + UserID;
+ if(Statuetype !=null && sqlfilter.isright(Statuetype)) sql += " and Status like '" + Statuetype + "%'";
+ HashMap names = new HashMap<>();
+ names.put("UserName","UserName");
+ names.put("BookName","BookName");
+ names.put("tel-phone","tel-phone");
+ names.put("Address","Address");
+ names.put("BookID","BookID");
+ names.put("MessageID","MessageID");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+}
diff --git a/Servlet/WeChat/Classify.java b/Servlet/WeChat/Classify.java
new file mode 100644
index 0000000..7fae2f6
--- /dev/null
+++ b/Servlet/WeChat/Classify.java
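Review bot: CheckOrders.doPost selects orders by the `UserID` request parameter rather than by the authenticated caller, so any client can read another user's name, phone number and address by sending a different number (and `Authentication.islegal` currently accepts everyone). The id should come from server-side session state once login stores it there, for example `String UserID = (String) request.getSession().getAttribute("UserID");`, with the request parameter ignored. Separately, the select list writes `'tel-phone'` in single quotes; if this runs on MySQL, as the `mysql` init parameter in LoginDatabase suggests, that is a string literal rather than a column, so the response probably carries the text instead of the number, and unqualified `MessageID` looks ambiguous between Address and Ordered.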
@@ -0,0 +1,40 @@
+package WeChat;
+
+import org.json.simple.JSONArray;
+import org.json.simple.JSONObject;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.HashMap;
+
+// 首先明确我们这个目的是目标页面的分类功能,根据用户所需要返回所有该类别的图书
+@WebServlet(name = "Classify", urlPatterns = {"/Classify.do"}, loadOnStartup = 2)
+public class Classify extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if(Authentication.islegal(request)){
+ String booktype = request.getParameter("booktype");
+ // 防止sql注入
+ if(booktype != null && sqlfilter.islegal(booktype)) {
+ String sql = "select * from Book where Type = " + booktype;
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookId");
+ names.put("BookName","BookName");
+ names.put("Author","Author");
+ names.put("Price","Price");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request,response);
+ }
+}
diff --git a/Servlet/WeChat/ExecuteUpd.java b/Servlet/WeChat/ExecuteUpd.java
new file mode 100644
index 0000000..16f4775
--- /dev/null
+++ b/Servlet/WeChat/ExecuteUpd.java
@@ -0,0 +1,22 @@
+package WeChat;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class ExecuteUpd {
+ public static void Execute(HttpServletRequest request, String QueryString){
+ ServletContext context = request.getServletContext();
+ Statement state = (Statement)context.getAttribute("state");
+ try{
+ state.execute(QueryString);
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/Servlet/WeChat/GetFrontInfo.java b/Servlet/WeChat/GetFrontInfo.java
new file mode 100644
index 0000000..5056c04
--- /dev/null
+++ b/Servlet/WeChat/GetFrontInfo.java
@@ -0,0 +1,29 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+// 得到首页信息
+@WebServlet(name = "GetFrontInfo", urlPatterns = {"/GetFrontInfo.do"}, loadOnStartup = 2)
+public class GetFrontInfo extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ // 其实我们只要返回BookID对应的名称就可以了
+ // 然后根据书本名字就可以在对应的目录
+ if(Authentication.islegal(request)){
+ String sql = "select Display.BookID,BookName from Book join Display on Display.BookID=Book.BookID";
+ HashMap names = new HashMap<>();
+ names.put("BookID","BookId");
+ names.put("BookName","BookName");
+ GetJson.Getinfo(request,response,sql,names);
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+}
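Review bot: ExecuteUpd.Execute runs whatever string it is handed on the single `Statement` that LoginDatabase stores in the ServletContext, and that object is shared by every request thread; executing on a Statement implicitly closes its current ResultSet, so an update here can cut off a result another request is still reading in GetJson. The catch block only prints the stack trace, so a failed update looks the same as a successful one to the caller, and a null `state` after a failed startup surfaces here as a swallowed NullPointerException. Consider accepting the SQL text plus bind values, creating a `PreparedStatement` per call in try-with-resources, and reporting `SQLException` to the caller instead of discarding it.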
diff --git a/Servlet/WeChat/GetJson.java b/Servlet/WeChat/GetJson.java
new file mode 100644
index 0000000..4756101
--- /dev/null
+++ b/Servlet/WeChat/GetJson.java
@@ -0,0 +1,38 @@
+package WeChat;
+
+import org.json.simple.JSONObject;
+import org.json.simple.JSONArray;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.rmi.ServerException;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Map;
+
+public class GetJson {
+ public static void Getinfo(HttpServletRequest request, HttpServletResponse response, String QueryString, Map names) throws ServerException, IOException {
+ response.setHeader("Content - Encoding","utf-8");
+ response.setContentType("text/json; charset=utf-8");
+ ServletContext context = request.getServletContext();
+ PrintWriter out = response.getWriter();
+ Statement state = (Statement)context.getAttribute("state");
+ JSONArray jsonArray = new JSONArray();
+ try{
+ ResultSet rs=state.executeQuery(QueryString);
+ while(rs.next()){
+ JSONObject jsonObject = new JSONObject();
+ for (Map.Entry entry : names.entrySet()) {
+ jsonObject.put(entry.getKey(), rs.getString(entry.getValue()));
+ }
+ //对于图片的话,我们直接返回对应的图书封面的url就可以了
+ jsonArray.add(jsonObject);
+ }
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ out.println(jsonArray);
+ }
+}
diff --git a/Servlet/WeChat/LoginDatabase.java b/Servlet/WeChat/LoginDatabase.java
new file mode 100644
index 0000000..1640e34
--- /dev/null
+++ b/Servlet/WeChat/LoginDatabase.java
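Review bot: GetJson.Getinfo never closes the `ResultSet` and executes on the context-wide `Statement`, so two overlapping requests can close each other's result sets mid-iteration, which would give truncated or failed responses. `catch (Exception e)` then hides the failure and the client receives `[]` with status 200, which makes a rejected or broken query indistinguishable from an empty result. `response.setHeader("Content - Encoding","utf-8")` is not a valid header either (the name contains spaces, and Content-Encoding describes compression, not charset) and can be dropped because `setContentType` already sets the charset. A per-call statement closed by try-with-resources, as sketched below, removes the sharing; binding parameters would additionally need a `PreparedStatement` variant.

```java
Connection conn = (Connection) context.getAttribute("conn");
JSONArray jsonArray = new JSONArray();
try (Statement state = conn.createStatement();
     ResultSet rs = state.executeQuery(QueryString)) {
    // … unchanged: while (rs.next()) loop filling jsonArray …
} catch (SQLException e) {
    // report the failure instead of answering 200 with an empty array
    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return;
}
out.println(jsonArray);
```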
@@ -0,0 +1,72 @@
+package WeChat;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.sql.Statement;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+// 连接数据库的我们是服务开始的时候
+@WebServlet(name = "LoginDatabase", urlPatterns = {"/Startup.do"}, loadOnStartup = 1)
+public class LoginDatabase extends HttpServlet {
+ private String mysql, url, user, passwd;
+ private Connection conn;
+ private Statement state;
+ private void initDataBase() throws ClassNotFoundException, SQLException {
+ Class.forName(mysql);
+ conn = DriverManager.getConnection(url,user,passwd);
+ state = conn.createStatement();
+ }
+ private void closeDataBase(){
+ if(state != null) {
+ try{
+ state.close();
+ }catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ if(conn != null) {
+ try{
+ conn.close();
+ }catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ public void init(ServletConfig config) throws ServletException{
+ super.init(config);
+ ServletContext context=getServletContext();
+ mysql = context.getInitParameter("mysql");
+ url = context.getInitParameter("url");
+ user = context.getInitParameter("user");
+ passwd = context.getInitParameter("passwd");
+ try{
+ initDataBase();
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ context.setAttribute("conn",conn);
+ context.setAttribute("state",state);
+ }
+ public void destroy(){
+ closeDataBase();
+ super.destroy();
+ }
+ public void doGet(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ response.sendRedirect("/index.html");
+ }
+ public void doPost(HttpServletRequest request,
+ HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+}
diff --git a/Servlet/WeChat/ModifyStatus.java b/Servlet/WeChat/ModifyStatus.java
new file mode 100644
index 0000000..cc50ea5
--- /dev/null
+++ b/Servlet/WeChat/ModifyStatus.java
@@ -0,0 +1,35 @@
+package WeChat;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.lang.module.ModuleFinder;
+import java.util.HashMap;
+
+@WebServlet(name = "ModifyStatus", urlPatterns = {"/ModifyStatus"}, loadOnStartup = 2)
+public class ModifyStatus extends HttpServlet {
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if(Authentication.islegal(request)){
+ String UserID = request.getParameter("UserID");
+ String BookID = request.getParameter("BookID");
+ String MessageID = request.getParameter("MessageID");
+ String Modify = request.getParameter("NewStatus");
+ // 防止sql注入
+ // 反正我觉得大概是没人用了,就无所谓吧?
+ if(UserID != null && sqlfilter.islegal(UserID) && MessageID !=null
+ && sqlfilter.islegal(BookID) && MessageID != null && sqlfilter.islegal(MessageID)) {
+ Modify = sqlfilter.filter(Modify);
+ String sql = "update Ordered set Status="+ Modify + " where UserID='" + + UserID + "' and BookID='" + BookID +"' and MessageID='" + MessageID+"'";
+ ExecuteUpd.Execute(request,sql);
+ }
+ }
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doPost(request, response);
+ }
+}
diff --git a/Servlet/WeChat/PersonInfo.java b/Servlet/WeChat/PersonInfo.java
new file mode 100644
index 0000000..86963f1
--- /dev/null
+++ b/Servlet/WeChat/PersonInfo.java
@@ -0,0 +1,5 @@
+package WeChat;
+
+public class PersonInfo {
+ //反正对应返回你们所需要的信息
+}
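Review bot: LoginDatabase.init catches every exception from `initDataBase()` and only prints it, then stores `conn` and `state` in the ServletContext even when they are null, so a wrong driver name or bad credentials leaves the application running with every later query failing on a null Statement. Failing startup is safer: `throw new ServletException("database initialisation failed", e);` in that catch block. A single Connection and Statement held for the life of the application are also shared by all request threads and are never re-established after a server-side timeout; a container-managed `DataSource` with per-request connections would address both.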
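Review bot: In ModifyStatus.doPost the new status is passed through `sqlfilter.filter` and then concatenated unquoted into `update Ordered set Status=`, and a character denylist cannot make an unquoted SQL fragment safe, so this update remains injectable. sqlfilter in this patch already has an allowlist for the field: `if (Modify == null || !sqlfilter.isright(Modify)) return;`, after which the value should be bound through a `PreparedStatement` rather than concatenated. The condition also tests `MessageID != null` twice and never `BookID != null`, so a request without BookID throws a NullPointerException inside `sqlfilter.islegal`. Because doGet forwards to doPost, this state change can be triggered by a plain GET link as well; the doGet override should be removed or should reject the request.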
diff --git a/Servlet/WeChat/sqlfilter.java b/Servlet/WeChat/sqlfilter.java
new file mode 100644
index 0000000..4172833
--- /dev/null
+++ b/Servlet/WeChat/sqlfilter.java
@@ -0,0 +1,27 @@
+package WeChat;
+
+// 过滤掉奇奇怪怪的英文字符
+public class sqlfilter {
+ private static String danger="`~!@#$^&*()=|{}';'\\[].<>/?~!@#¥……&*——|{}";
+ public static boolean islegal(String text) {
+ int length = text.length();
+ if(length>5) return false;
+ for(int i=0; i='0'&&digit<='9')) return false;
+ }
+ return true;
+ }
+ public static boolean isright(String Status){
+ if(Status.equals("待付款")||Status.equals("待收货")||Status.equals("待发货")||Status.equals("待评价")) return true;
+ else return false;
+ }
+ public static String filter(String sqlQue) {
+ StringBuffer ret = new StringBuffer();
+ for (int i = 0; i < sqlQue.length(); i++) {
+ char sign = sqlQue.charAt(i);
+ if (danger.indexOf(sign) == -1) ret.append(sign);
+ }
+ return ret.toString();
+ }
+}
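Review bot: `sqlfilter` is the only SQL-injection defence in this patch, and `filter` is a character denylist that silently rewrites input instead of rejecting it; a denylist can never be shown complete (the double quote is not in `danger`, for one), so it should not be what stands between request parameters and concatenated SQL. `islegal` and `filter` dereference their argument without a null check, and `islegal("")` returns true because the loop never runs, which produces malformed SQL such as `where Type = ` in Classify. The loop body of `islegal` is damaged on this page, so the digit-only check is taken as intended rather than verified. Parameterized queries at the call sites make the class unnecessary; if it stays, keep only allowlist checks and document them, e.g. `/** Returns true only for 1-5 ASCII digits. */` together with `if (text == null || text.isEmpty()) return false;`.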