This week's book giveaway is in the Other Open Source APIs forum. We're giving away four copies of Storm Applied and have Sean Allen, Peter Pathirana & Matthew Jankowski on-line! See this thread for details.
i created one servlet for username and password validation.It works fine only for one user.If i create new user then i can able to login in with that new user only not with any another username and password(previous user).I doubt my servlet is not working properly.I will share my servlet code ...please check my code and rectify where i went wrong.Kindly suggest any ideas to work with all new username and password.As am novice in servlet concepts.After the user validation then only i can go further pages to develop.One more thing the else part is not working fine.If the user is not valis it will stay in that page but doesnt show the error message.Please help me.
//conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/track","root","root");
//strQuery="select * from user where userID='"+user+"' and password='"+pass+"'";
strQuery="select userID,password from user";
st = conn.createStatement();
//rs=st.executeQuery("select * from user where userID='"+user+"' and password='"+pass+"'");
rs = st.executeQuery(strQuery);
Small correction to the modified code:
The code is vulnerable to SQL Injection since you are using literals in your SQL (using statement). Use prepared statement and then set the values for the username and password(so that you will be binding the user name).