<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="java.sql.*" %>
<%@ page import="javax.naming.*" %>
<%@ page import="javax.*" %>
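<%--
  Lists the class3 row(s) whose UserID matches the "UserID" attribute of the current session.
  The lookup key is taken from the session only, never from a request parameter, so a caller
  cannot ask for another user's record by changing the request.

  The rendered columns hold personal data (ID number, phone, address), so every value is
  HTML-escaped before output and a request without a session UserID is rejected up front.
--%>
<%!
    /**
     * Escapes the HTML-significant characters so a database value is rendered as text
     * and cannot introduce markup or script into the page.
     *
     * @param value column value, may be null
     * @return the escaped text, or an empty string when value is null
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    String UserID = (String) session.getAttribute("UserID");
    // Reject the request before any markup is written: without a session UserID there is
    // no authenticated user to show, and sendError must run before the response is committed.
    if (UserID == null) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
%>
<html>
<body>
<h3>浏览用户信息</h3>
<%
    try {
        Class.forName("com.mysql.cj.jdbc.Driver");
        // NOTE(review): the database account and password are hard-coded in the page source,
        // the account is root, and the password is trivially guessable. Move the connection to
        // a container-managed DataSource (or externalized configuration) and use an account
        // limited to SELECT on this table. Left unchanged here because the page does not show
        // where such configuration lives.
        // NOTE(review): useSSL=false disables transport encryption; acceptable only while the
        // database stays on localhost.
        String url = "jdbc:mysql://localhost:3306/fangchan?useSSL=false";
        String username = "root";
        String password = "123456";
        // Parameterized query: the session value is bound, never concatenated into the SQL.
        String query = "SELECT * FROM class3 WHERE UserID = ?";
        // try-with-resources closes each resource independently, so a failure while closing
        // the result set can no longer leave the statement or connection open.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement pstmt = conn.prepareStatement(query)) {
            pstmt.setString(1, UserID);
            try (ResultSet rs = pstmt.executeQuery()) {
%>
<table>
<tr>
<th>用户ID</th>
<th>用户名称</th>
<th>用户性别</th>
<th>身份证号</th>
<th>手机号</th>
<th>家庭住址</th>
</tr>
<%
                while (rs.next()) {
%>
<tr>
<td><%= escapeHtml(rs.getString("UserID")) %></td>
<td><%= escapeHtml(rs.getString("UserName")) %></td>
<td><%= escapeHtml(rs.getString("sex")) %></td>
<td><%= escapeHtml(rs.getString("IdNumber")) %></td>
<td><%= escapeHtml(rs.getString("Phone")) %></td>
<%-- NOTE(review): this cell sits under the home-address header but reads column "User"; confirm the column name against the schema. --%>
<td><%= escapeHtml(rs.getString("User")) %></td>
</tr>
<%
                }
%>
</table>
<%
            }
        }
    } catch (Exception e) {
        // Record the failure in the container log with its cause; nothing about the
        // database error is written to the response.
        application.log("User info page: database access failed", e);
    }
%>
</body>
</html>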