new_post_action.jsp

自己编写的jsp+mysql论坛系统,带后台系统.不是很完善,但是功能是完整的

<%@ page language="java" contentType="text/html; charset=GBK"
	pageEncoding="GBK"%>
<%@page import="java.util.*,java.io.*,java.sql.*,sth.*"%>
<%@ include file="conn.jsp"%>
<%
	request.setCharacterEncoding("GBK");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=GBK">
	</head>
	<body>
		<%
			if (null != session.getAttribute("login")) {
				try {
					String strDo = "";
					String username = "";
					String authorid = "";
					String title = "";
					String content = "";

					codeToString cts = new codeToString();

					if (null != session.getAttribute("login"))
						username = cts.codeToString(session.getAttribute(
								"login").toString());
					if (null != request.getParameter("authorid"))
						authorid = cts.codeToString(request
								.getParameter("authorid"));
					if (null != request.getParameter("title"))
						title = cts.codeToString(request.getParameter("title"));
					if (null != request.getParameter("content"))
						content = cts.codeToString(request
								.getParameter("content"));

					//开头字符过滤
					for (int i = 1; i <= title.length(); i++) {
						if (title.substring(i - 1, i).equals(" ")
								|| title.substring(i - 1, i).equals("\"")) {
							title = title.substring(i, title.length());
						}
					}
					//字符处理&过滤
					title = title.replaceAll("'", "&sd");
					title = title.replaceAll("\"", "&dd");
					title = title.replaceAll(" ", "&nbsp;");
					content = content.replaceAll("'", "&sd");
					content = content.replaceAll("\"", "&dd");
					content = content.replaceAll("\n", "<br/>");
					content = content.replaceAll(" ", "&nbsp;");
					//接收空值时跳转到登录页面 防止用户直接访问本页面
					if ((username.equals(""))
							|| ((title.equals("")) || (content.equals("")))
							|| (content.length() > 1000)) {
						response.sendRedirect("error.jsp");
					} else {
						//执行插入
						strDo = "INSERT INTO " + tbbs
								+ "(author,authorid,title,content,dnt)"
								+ " VALUES ('" + username + "'," + authorid
								+ ",'" + title + "', '" + content + "', NOW())";
						System.out.print(strDo + "\n");
						stmt.executeUpdate(strDo);
						//插入完成跳转到主页
						response.sendRedirect("main.jsp");
					}
				} catch (Exception e) {
					e.printStackTrace();
					response.sendRedirect("error.jsp");
				} finally {
					stmt.close();
					conn.close();
				}
			} else {
				response.sendRedirect("error.jsp");
			}
		%>
	</body>
</html>