
not able to get values into database

 
Ranch Hand
Posts: 1143
5
I'm not able to get values into my database; only dob is getting inserted, the rest of the fields are getting a 0 value.
Here is my code:

RegistrationService.java


RegistrationServlet.java



RegistrationClass.java


and my registration.jsp is simply a registration form.
 
Saloon Keeper
Posts: 7585
176
You should not use the JDBC/ODBC driver in web apps; it's buggy, it's slow and -most importantly- not thread-safe. There's also no need to register the driver for each access - do it once in the init method of the servlet and be done with it. And you should close each connection you open (unless you're using a connection pool, but let's get the basics right first before delving into that).

You also urgently need to read up on what SQL injection is, and how to avoid it. The web is a hostile place, and this code invites attacks as it is: https://coderanch.com/how-to/java/SecurityFaq#web-apps

Are you getting any error messages in the log files?
 
Ranch Hand
Posts: 308
May I please see the registration.jsp code? In particular the piece of code where you define the input tags (txt_name, txt_email, txt_address)?
Thanks
 
Punit Jain
Ranch Hand
Posts: 1143
5
here is my registration.jsp



but they are successfully posting to RegistrationServlet; there I'm also simply printing these values, so I don't think this page will have any problem.
 
Punit Jain
Ranch Hand
Posts: 1143
5
thank you...


You should not use the JDBC/ODBC driver in web apps


Then which driver should I use?

And no, it's not showing me any error; values are being inserted into the database, but all are 0 except the date of birth.
 
Nicola Garofalo
Ranch Hand
Posts: 308
Everything seems to be OK. What are the name, email, address and gender datatypes in your database?
 
Punit Jain
Ranch Hand
Posts: 1143
5
Ahh, I didn't change my database datatype, it's int...
Everything is working fine now.
I apologize for this.

One more thing I want to know: if this registration code is for some e-commerce website, how can I provide more security to this,
as well as to the login code?
 
Tim Moores
Saloon Keeper
Posts: 7585
176
Even if it works now, you should follow all the advice I gave in my earlier reply. Don't even think about making this publicly available without addressing the SQL injection vulnerability. And you should definitely read the articles about web app security I linked to (and implement what they tell you). Not doing so might arguably constitute criminal negligence, especially on an e-commerce site.
 
Ranch Hand
Posts: 230

Tim Moores wrote:You should not use the JDBC/ODBC driver in web apps; it's buggy, it's slow and -most importantly- not thread-safe. There's also no need to register the driver for each access - do it once in the init method of the servlet and be done with it. And you should close each connection you open (unless you're using a connection pool, but let's get the basics right first before delving into that).

You also urgently need to read up on what SQL injection is, and how to avoid it. The web is a hostile place, and this code invites attacks as it is: https://coderanch.com/how-to/java/SecurityFaq#web-apps

Are you getting any error messages in the log files?


Which one should be preferred if ODBC/JDBC are not to be used??
 
Punit Jain
Ranch Hand
Posts: 1143
5
Surely I will read it.
But still, which driver should I use instead of JDBC/ODBC?
Are you talking about a pure Java driver (I mean type 4 drivers)?
 
Tim Moores
Saloon Keeper
Posts: 7585
176
Yes, type 4 drivers are available free of charge for all major DBs; there's no reason to use the JDBC/ODBC bridge. Plus, ODBC may not be available on the server where this web app will end up running.
 
Punit Jain
Ranch Hand
Posts: 1143
5
Thank you very much for your help.
One more thing I want to know: I read this page you gave, sqlInjuction.
Is this more than enough to protect my page from sql injuctions?
And also, here I'm not able to use mysql_real_escape_string().
 
Tim Moores
Saloon Keeper
Posts: 7585
176
You should not create SQL statements through string concatenation, but use PreparedStatement instead. That's your first line of defence.
 
Punit Jain
Ranch Hand
Posts: 1143
5
okay thank you..
i have done with using prepared statement..
well is that only sufficient from sql injunctions??

 
Sheriff
Posts: 3837
66

Punit Jain wrote:okay thank you..
i have done with using prepared statement..
well is that only sufficient from sql injunctions??

Yes, if you always use bind variables (the question marks in the statement text) for every value that came from outside of your program and bind them as a correct type (strings as strings, numbers as numbers, dates as dates etc.), you're once and for all safe from SQL injection attacks.

Note the correct term is SQL injection - the attacker uses specific input that "injects" unwanted (hostile) functionality into your statement. It does not matter much, except that if you search for resources on this topic on the web or in documents, you might miss some because of the misspelling.
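
Added example, not part of the original thread or any poster's code: the advice above (PreparedStatement with typed bind variables, and closing every connection you open) applied to a registration insert. The table and column names and the `RegistrationDao` class are assumptions, since the thread's own code and schema are not shown.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.time.LocalDate;

public class RegistrationDao {
    // Assumed table and column names; the thread's schema is not shown.
    private static final String INSERT_SQL =
        "INSERT INTO registration (name, email, address, gender, dob) "
        + "VALUES (?, ?, ?, ?, ?)";

    private final String jdbcUrl; // URL for a type 4 driver on the classpath

    public RegistrationDao(String jdbcUrl) {
        this.jdbcUrl = jdbcUrl;
    }

    public int register(String name, String email, String address,
                        String gender, LocalDate dob) throws SQLException {
        // try-with-resources closes the statement and the connection,
        // even when executeUpdate() throws.
        try (Connection con = DriverManager.getConnection(jdbcUrl);
             PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            ps.setString(1, name);            // strings bound as strings
            ps.setString(2, email);
            ps.setString(3, address);
            ps.setString(4, gender);
            ps.setDate(5, Date.valueOf(dob)); // date bound as a date, not text
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        RegistrationDao dao = new RegistrationDao(args[0]);
        // Constructed input containing SQL syntax: because it is bound to a
        // placeholder, it is stored verbatim as the name and never parsed.
        String oddName = "x'); DROP TABLE registration; --";
        // LocalDate.parse rejects a malformed date before it reaches the DB.
        int rows = dao.register(oddName, "a@example.com", "1 Example St",
                                "F", LocalDate.parse("1990-01-31"));
        System.out.println(rows + " row inserted");
    }
}
```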
 
Punit Jain
Ranch Hand
Posts: 1143
5
thank you very much..
have a question, instead of using prepared statement if i used callable statement, they will be more secure because SQL code for a stored procedure is defined and stored in the database itself..??
 
Tim Moores
Saloon Keeper
Posts: 7585
176
Not really. Access privileges can be tightened down further when using stored procs compared to raw JDBC, but assuming that the DB is only accessible from your own local network -in which case access can be restricted by IP address- security reasons for and against stored procs are probably less important than software architecture concerns.
 
Punit Jain
Ranch Hand
Posts: 1143
5
Well, thank you Tim for explaining all this; now I probably should think that my registration page is secure...
One more thing: can it now be fine for an e-commerce site?
 
Tim Moores
Saloon Keeper
Posts: 7585
176
Security has many facets; you most likely aren't done yet. For example, what have you implemented to prevent cross-site scripting? Do you have SSL set up for everything related to login, payment and user data? Have you read through the "Guide to Building Secure Web Applications" I linked to, and made sure that all that is accounted for?
 
Punit Jain
Ranch Hand
Posts: 1143
5


Do you have SSL set up for everything related to login, payment and user data?



but i think this will be provided by the service provider (i mean the domain service provider)...


have you implemented to prevent cross-site scripting



for this i will use some java script..
 
Tim Moores
Saloon Keeper
Posts: 7585
176

Punit Jain wrote:

Do you have SSL set up for everything related to login, payment and user data?


but i think this will be provided by the service provider (i mean the domain service provider)...


The actual certificate - yes. But you need to ensure that it is being used everywhere by providing proper HTTPS links, and by preventing that any sensitive data is sent (or accepted) via HTTP.

have you implemented to prevent cross-site scripting


for this i will use some java script..


This suggests that you do not understand what cross-site scripting (XSS) is, and that -given how long-standing the problem and its solutions are- you're not yet ready to develop a site for which security is important. XSS prevention has nothing to do with JavaScript - it is done entirely on the server.
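
Added example, not part of the original thread: both points of the reply above handled on the server, refusing form data that arrives over plain HTTP and HTML-encoding user input at output time. It assumes the `javax.servlet` API; `ConfirmationServlet` and `escapeHtml` are hypothetical names, and `txt_name` is the form field mentioned earlier in the thread.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ConfirmationServlet extends HttpServlet {

    /** Encodes text for an HTML element body or a quoted attribute value. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Do not accept registration data over plain HTTP.
        // isSecure() reflects the connection the container sees; behind a
        // TLS-terminating proxy the container must be configured to know that.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        resp.setContentType("text/html;charset=UTF-8");
        // Encoded on the server when written into the page, so any markup in
        // the submitted name is displayed as text instead of being interpreted.
        String name = escapeHtml(req.getParameter("txt_name"));
        resp.getWriter().println("<p>Thank you for registering, " + name + ".</p>");
    }
}
```

In a JSP, JSTL's `<c:out value="${param.txt_name}"/>` applies the same encoding by default.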
 
Punit Jain
Ranch Hand
Posts: 1143
5
Well, any suggestions or resources where I can learn about all these web security issues?
 
Tim Moores
Saloon Keeper
Posts: 7585
176
Working through the links on the page I provided in my first post would be a good start.
 
Punit Jain
Ranch Hand
Posts: 1143
5
okay...thank you...