servlet+jsp

package com.dao; import java.sql.ResultSet; import java.sql.SQLException; import java.util.ArrayList; import com.db.DBConnect; import com.domain.User; public class UserDAO { ResultSet rs = null; String sql = null; String sql1 = null; DBConnect db = new DBConnect(); public boolean isUser(User user) throws SQLException { boolean a = false; sql = "select * from user_u where username='" + user.getUsername() + "' and password='" + user.getPassword() + "'"; rs = db.executeQuery(sql); if (rs.next()) { a = true; } rs.close(); return a; } public void addUser(User user) { sql = "insert into user_u(username,password) values('" + user.getUsername() + "','" + user.getPassword() + "')"; try { db.executeUpdate(sql); } catch (Exception ex) { System.out.print("AddUser error:" + ex.getMessage()); } } public void updateUser(User user,String id) { sql = "update user_u set password='" + user.getPassword() + "',username='" + user.getUsername() + "' where id='" + id + "'"; try { db.executeUpdate(sql); } catch (Exception ex) { System.out.print("updateUser error:" + ex.getMessage()); } } public void delUser(String id) { sql = "delete from user_u where id='" + id + "'"; db.executeUpdate(sql); } // public findById(String id) // { // sql="select " // } public ArrayList getAllUser() { ArrayList a = new ArrayList(); try { sql = "select * from user_u"; rs = db.executeQuery(sql); while (rs.next()) { User uu = new User(); uu.setUsername(rs.getString("username")); uu.setPassword(rs.getString("password")); uu.setId(rs.getString("id")); a.add(uu); } rs.close(); } catch (Exception ex) { System.out.print("get all user error:" + ex.getMessage()); } return a; } }