ajax登录请求返回值的问题

标准的json格式   {"key":"value"} 

  客户端登录验证ajax请求

    function savelogin(){      var username = $("#username").val();      var pwd = $("#pwd").val();      if(Mg.isEmpty(username)){        swal("提示", "请填写用户名", "warning");        return;      }      if(Mg.isEmpty(pwd)){        swal("提示", "请填写密码", "warning");        return;      }      if(!checkIdcard(username)){        swal('提示','身份证号码格式错误','warning');        return;      }      $.ajax({        url:"main?xwl=123456789097&username=" + username + "&pwd=" + pwd,        dataType: "json",        success:function(r){          if(r.succ){ //返回值的获取            window.location.href = "main?xwl=123456789&XXXXX=" + r.msg;          }          else{            swal("提示", r.msg, "warning");          }        }      }); 

服务端的验证还有response

var username = request.getParameter('username');var pwd = request.getParameter('pwd');var flag = true, msg = "";if(Wb.isEmpty(username)){  flag = false;  msg = "请输入用户名";}else if(Wb.isEmpty(pwd)){  flag = false;  msg = "请输入密码";}else{  var conn = null, ps = null, rs = null;  try{    conn = DbUtil.getConnection("java:comp/env/jdbc/dbname");    var sql = "SELECT TID,TPHONE FROM BBBBBBB WHERE TIDCARD ='" + MyUtil.c(username) + "'";    ps = conn.prepareStatement(sql);    rs = ps.executeQuery();    if(rs.next()){  //一个一个找对应的      var tid = rs.getString("TID");      var tPhone = rs.getString("tPhone").trim();      tPhone = tPhone.substring(tPhone.length() - 6);      if(tPhone != pwd){        flag = false;        msg = "密码错误，请重新输入";      }      else{        request.getSession().setAttribute("BJ_TID", tid);        msg = tid;      }    }    else{      flag = false;      msg = "用户名未找到";    }  } finally {    DbUtil.closeResultSet(rs);    DbUtil.closeStatement(ps);    DbUtil.closeConnection(conn);  }}WebUtil.response(response, "{\"succ\": " + flag + ", \"msg\":\"" + msg + "\"}"); //最主要的是这个WebUtil.response(response,"标准的json字符串给客户端反回去");

要将应户名相等或者密码相等的判断语句放在服务器这样安全一些。