dopay.jsp

实现图书管理

<%@ page contentType="text/html; charset=gb2312" language="java"
	import="java.sql.*" errorPage=""%>
<%@page import="mypkg.MD5"%>
<jsp:useBean scope="page" id="form" class="mypkg.form" />
<jsp:useBean scope="page" id="goods" class="mypkg.goods" />
<jsp:useBean id="exe_db" class="mypkg.Execute_DB" />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
		<title>do</title>
	</head>

	<body>
		<div align="right"><%  String  lUserID=request.getParameter("S_userid"); 
String sss_card=request.getParameter("ss_card");//商户的卡号
String per_card=request.getParameter("cid");//客户的卡号
String per_pwd=request.getParameter("pwd");//客户的密码
		String sss_md5=request.getParameter("ss_md5");//接受到的md5加密的字符串
		String sss_url=request.getParameter("s_url");//接受到的返回url
		String sss_orderno=request.getParameter("ss_orderno");//接受到的订单号
		String sss_amount=request.getParameter("ss_amount");//接受到的金额		
		String new_sss=sss_card+sss_amount+sss_url+123;
		String new_smd5=MD5.md5(new_sss);
		String key=	2008+sss_orderno+sss_orderno;
		String uid;
		String uname;
			java.util.Date  d=new  java.util.Date();  
		long s_time=d.getTime();
		
		float amount=Float.parseFloat(sss_amount)	;
		if(new_smd5.compareTo(sss_md5)==0)
		{	String pawd=MD5.md5(per_pwd);
		String sql="select * from bankusers where cardid='"+per_card+"' and UserPassword='"+pawd+"'";	
     ResultSet rs=exe_db.exeSqlQuery(sql);
     if(rs.next()){
     uid=rs.getString("UserID");
     sql="select * from bankusers where cardid='"+sss_card+"'";
     rs=exe_db.exeSqlQuery(sql);
     sql="select * from card where cardid='"+per_card+"'";	
     rs=exe_db.exeSqlQuery(sql);
     if(rs.next()){
     if(rs.getFloat("Amount")>amount){
     sql="update card set Amount=Amount-'"+amount+"' where cardid='"+per_card+"'";
     String sql2="update card set Amount=Amount+'"+amount+"' where cardid='"+sss_card+"'";
     if(exe_db.exeSql(sql)&&exe_db.exeSql(sql2)){
     sql="";       
%></div>
		<form name="reg" action=<%=sss_url%> method="post">
			<input type="hidden" name="new_smd5" value="<%=new_smd5%>" />
			<input type="hidden" name="sss_card" value="<%=sss_card%>" />
			<input type="hidden" name="sss_amount" value="<%=sss_amount%>" />
			<input type="hidden" name="sss_url" value="<%=sss_url%>" />
			<input type="hidden" name="sss_orderno" value="<%=sss_orderno%>" />
			<input type="hidden" name="key" value="<%=key%>" />
			<input type="hidden" name="amount" value="<%=amount%>" />
		</form>
		<script language="javascript" type="text/javascript">
document.reg.submit()
</script>
		<%
			}

						} else {
							out.print("余额不足");

							response.setHeader("refresh", "1;URL='" + sss_url
									+ "'");

						}

					}

				}
			}
		%>
<%
        long userid=Long.parseLong(lUserID); 
        form.setFormID(sss_orderno);
		form.setUserID(userid);
		form.setTotals(amount);
	    form.setPayKey(key);
	    goods.setUserID(userid);
	    if (form.add_form()&&goods.updatepay()) {
				out
						.println("<p align=center><font color=#FF0000>用户提交成功</font></p>");
				
			} else {
				out
						.println("<p align=center><font color=#FF0000>用户提交失败，请稍后重试</font></p>");
				
			}%>
	</body>
</html>