為了提高安全性需將sql語法從jsp頁面上移除
改成從.java呼叫

public void last(String sysid,String userid)throws IOException,SQLException
	{
		String sql = "update user set last_active_time ='"+sysid+"' where userid ='"+userid+"' ";
		stmt.executeUpdate(st) ;
	}

目前的程式碼

sql="SELECT * FROM switch.user";
		rs = smt.executeQuery(sql);
		while(rs.next())
		{
			String account = rs.getString("userid");
			String password = rs.getString("password");
			if(account.equals(userid) && password.equals(pwd))
			{
				nrt.last(sysid, userid);
	%>
        <jsp:forward page="/WEB-INF/switch.jsp">
		<jsp:param name="userid" value="<%=userid%>" />
		<jsp:param name="pwd" value="<%=password%>" />
        </jsp:forward>
	<%
			}
			else
			{
				out.println("<meta http-equiv=\"refresh\" content=\"0; url=index.jsp\">");
			}
		}

我的問題是 上述程式中的sql="SELECT * FROM switch.user";
該建立回傳什麼值的方法 讓程式可以順利執行(取得 userid 與 password 執行登入驗證 )
下面附上table

CREATE TABLE `user` (
  `sysid` varchar(45) NOT NULL,
  `userid` varchar(45) NOT NULL,
  `username` varchar(45) DEFAULT NULL,
  `password` varchar(45) DEFAULT NULL,
  `last_active_time` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`sysid`,`userid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `user` VALUES ('001','aaa',NULL,'123a','2021-10-08 10:10:26'),('002','bbb',NULL,'123b','2021-10-04 09:18:24'),('003','abc',NULL,'123c','2021-10-04 15:56:33');