
Problem in Login page

 
Kunal Lakhani



I have a login page, which directs to Verification.jsp.

Login.jsp



Everything in Login.jsp and Verification.jsp is working fine.

I have a STAFF table, which contains data of JOURNALIST & REPORTER. So, to differentiate their ID, I have a column STYPE, which contains 'R' for Reporter and 'J' for Journalist.


So, when a Reporter logs in, I need 'R' to be generated, so that I can provide STYPE in my query.

How do I do this?
If I place an attribute 'Id' in radio buttons in Login.jsp, how can I get this Id when the radio button is selected?


Verification.jsp



I should not include Java code in JSP, but this is just a rough project. After this, I will be converting this project as per MVC architecture.
 
Jeanne Boyarsky
Moving to our JSP forum since this isn't a database question.
 
Jeanne Boyarsky
Kunal Lakhani wrote: If I place an attribute 'Id' in radio buttons in Login.jsp, how can I get this Id when the radio button is selected?

You get the value of the selected radio button when you call request.getParameter(). Did this not work?

Also, when you convert to the real project, be sure to use PreparedStatements and binding variables to prevent SQL Injection. Right now someone can delete the contents of the whole database table or log in without a proper password.
 
Bear Bibeault
Also, move the Java code out of a JSP and into a Java class where it belongs. Using a JSP as a stand-in for a Java class is the epitome of poor design and bad practices.
 
Stefan Evans
request.getParameter("r1") obviously won't work directly, because the value of r1 being submitted is "Staff", for both Journalist and Reporter.
It seems that this parameter is being used to figure out which table to query. That whole building up the query with string concatenation leaves you wide open for an SQL injection attack, as has been mentioned.
You need to change your radio button values so that you can distinguish between them.

Maybe something like the following:



But then of course you won't be able to use the value of r1 for the table name any more...
So maybe a mapping between these values, and what the table/column values for it are?
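
An added example (not code from any poster in this thread) that combines the two suggestions above: the r1 radio value goes through an allowlist mapping to the STYPE code, and the query is a PreparedStatement with bound parameters. The radio values "Reporter" and "Journalist", the ID and PASSWORD column names, and the class and method names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import java.util.Optional;

public class StaffLogin {
    // Allowlist: radio button value -> STYPE code from the thread ('R', 'J').
    // The radio values "Reporter" and "Journalist" are assumed.
    private static final Map<String, String> STYPE_BY_ROLE =
            Map.of("Reporter", "R", "Journalist", "J");

    // Fixed SQL text: table and column names never come from the request.
    // ID and PASSWORD are assumed column names; a real project would
    // compare a password hash rather than the password itself.
    private static final String LOGIN_SQL =
            "SELECT 1 FROM STAFF WHERE ID = ? AND PASSWORD = ? AND STYPE = ?";

    /** Maps request.getParameter("r1") to an STYPE code; empty if not allowlisted. */
    static Optional<String> resolveStype(String r1) {
        return Optional.ofNullable(r1).map(STYPE_BY_ROLE::get);
    }

    static boolean credentialsMatch(Connection con, String id, String password, String r1)
            throws SQLException {
        Optional<String> stype = resolveStype(r1);
        if (stype.isEmpty() || id == null || password == null) {
            return false; // unknown role or missing field: reject before querying
        }
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, id);          // bound as data, never parsed as SQL
            ps.setString(2, password);
            ps.setString(3, stype.get()); // only ever "R" or "J"
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; no database is needed to see the allowlist behave.
        for (String r1 : new String[] {"Reporter", "Journalist", "Staff", null}) {
            System.out.println(r1 + " -> " + resolveStype(r1).orElse("rejected"));
        }
    }
}
```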
 