This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Help me on userlogin Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Reply locked New topic
Author

Help me on userlogin

Shounak Kundu
Ranch Hand

Joined: Jul 29, 2010
Posts: 60

Hi, I am writing this code.



My problem is that the boolean variable userexists is always returning true. How can I fix it? Can anybody help me ?


Shounak
Ngoc Sinh
Greenhorn

Joined: Jul 29, 2010
Posts: 3
There are three things you should be carefull:

1. SQL query doesn't check if the password is match case or not.
2. You should you prepareStatement and set parameter instead of plus variable into your query string, it may cause some sql error.
3. Statement.execute() always return true if the queryString return a ResultSet, although that the ResultSet have no record.

I recommend you do this way:
1. Select user have the same username with the input.
2. If user existed, check the password is equal or not. Else response invalid username or something.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Ngoc Sinh wrote:1. SQL query doesn't check if the password is match case or not.

It checks for equality, which is case-sensitive.

I recommend you do this way:
1. Select user have the same username with the input.
2. If user existed, check the password is equal or not. Else response invalid username or something.

There's no reason not to combine the two operations in the SQL query as is being done.

But ultimately, you need to see if there were any results: Statement.execute(...) doesn't do this; it's generally for statements that don't return a result set. (You can *get* the result set, but why take the extra step?) Try using executeQuery(...) and seeing if the result set has any entries: rs.next() returns a boolean.

Check out the java.sql.Statement API docs for further info--they're worth knowing.
Shounak Kundu
Ranch Hand

Joined: Jul 29, 2010
Posts: 60

You guys are awesome, thanks a lot mate.....

But, now I have different problem , and I have posted it here. I am now getting ResultSet.next() was not called Exception
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Can't help if we can't see what you're trying.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30136
    
150

JDBC part continued here


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Help me on userlogin
 
Similar Threads
Can a JOptionPane.showMessageDialog be used within JSF?
Connection Pool
"ResultSet.next() was not called" Exception
Quering the ResultSet
Trying to compile getting unknown package error