simple login script

Alan Bennet
Greenhorn

Joined: Sep 09, 2011
Posts: 5
Hello all,
Can someone tell me what is wrong with the following login JSP script? The count integer is equal to zero where it should be equal to 1, as the username and password are correct.
<%@ page import="java.sql.*" %>
<%
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    session.setAttribute("theName", username);
    session.setAttribute("thepass", password);
    Connection con = null;
    Statement stmt = null;
    ResultSet rs = null;
    String url = "jdbc:mysql://localhost:3306/users";
    Class.forName("com.mysql.jdbc.Driver");
    con = DriverManager.getConnection(url, "root", "abdfr");
    stmt = con.createStatement();
    rs = stmt.executeQuery("SELECT * FROM user WHERE username='username' AND password='password'");
    rs.last();
    int count = rs.getRow();
    if (count > 0) {
        String redirectURL = "hellojsp.jsp";
        response.sendRedirect(redirectURL);
    }
%>

Your help is much appreciated.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    

Stylistically and architecturally there are about a dozen things wrong with it. But as far as the issue of whether a certain record exists in the database or not: You are asserting that there is a record in the database where the value of the username column is 'username' and the value of the password column is 'password'. The database is asserting that there are no such records.

Personally I would expect that the database knows what it's doing, and that there are no such records. But one would have to look in the database to actually confirm that.

Of course there's the possibility that you expected that query to be looking for some other values. Could you explain what values you expected it to be looking for?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61305
    

Doing this in a JSP is egregious and irresponsible. Move the code to a servlet.


Alan Bennet
Greenhorn

Joined: Sep 09, 2011
Posts: 5
Thank you for your instant reply.
The database has two columns (username and password). The first row in the database has the value of 'black' for username and 'hgjhhk' for password. I know that the password should be encrypted, but I have done it this way for testing purposes only. I am passing the values through the following form.

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<form method="POST" ACTION="processformsession.jsp">
What's your name? <input type="text" name="username" >
What's your password?<input type="password" name="password" >
<P><INPUT TYPE=SUBMIT value="enter">
</form>
</body>
</html>

@Bear Bibeault: I will follow your advice and do it through a servlet. But there must be a reason for it not working in a JSP, and I would like to know it. Again, your help is much appreciated.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61305
    

I assume that you've already tested that the expected values are being sent to the JSP (soon to be servlet).

So the issue must be with the JDBC. I've moved this post to the JDBC forum accordingly.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    

Alan Bennet wrote: the database has two columns (username and password) the first row in the database has the value of 'black' for username and 'hgjhhk' for password.


But -- as I already pointed out -- you are using 'username' for the username and 'password' for the password. That's why you don't find that record.

That was one of the dozen things that I observed in your post which were sub-standard. You aren't using a PreparedStatement to execute queries with variable information, you're building an SQL query from text. And you're doing it wrong, which is quite common. And while we're talking about database access, you should close your JDBC objects once you have finished using them. In a finally block. I could go on but let's leave it at that for now.

(And as you can see, your problem has nothing to do with the fact that you put the code in a JSP scriptlet. The same code in a servlet would fail to work for the same reason.)
Alan Bennet
Greenhorn

Joined: Sep 09, 2011
Posts: 5
Paul Clapham wrote: But -- as I already pointed out -- you are using 'username' for the username and 'password' for the password. That's why you don't find that record.


Excuse my stupid question, I'm just a beginner. What should I be using instead?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    

Like I said, you should be using a PreparedStatement. I can tell you're a beginner because you're making the same mistakes that all beginners make. Nothing wrong with that, everybody is a beginner once. The antidote is in the Oracle tutorial: Lesson: JDBC Basics; I suggest you go through that.
Alan Bennet
Greenhorn

Joined: Sep 09, 2011
Posts: 5
Same result even when using a prepared statement.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    

Then your PreparedStatement is wrong.

If you went through that tutorial in under half an hour, there's a good chance you didn't take in what it was trying to tell you.

Am I right in guessing you just copied your incorrect SQL into a PreparedStatement without converting it to use parameters? Clearly I am guessing here because I don't see any code to comment on.
Alan Bennet
Greenhorn

Joined: Sep 09, 2011
Posts: 5
You guessed right... fool me. I had a second look at the tutorial and the scriptlet is working smoothly. Paul Clapham, you are a legend. Thank you very much! This board rocks. Thank you again.
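
An added example, not code from any poster in this thread: the login lookup written with bound parameters and automatic resource closing, as the PreparedStatement advice above describes. It assumes the `user` table and JDBC URL given in the thread, MySQL Connector/J on the classpath, and hypothetical DB_USER / DB_PASS environment variables; it compares plaintext passwords only because the thread's test table stores them that way.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    // Table and column names are the ones given in the thread.
    // The ? markers are placeholders; values are bound separately and are
    // never spliced into the SQL text.
    private static final String SQL =
        "SELECT 1 FROM user WHERE username = ? AND password = ?";

    /** Returns true when a row matches the submitted credentials. */
    static boolean credentialsMatch(Connection con, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return false; // request.getParameter() returns null for a missing field
        }
        // try-with-resources closes the statement and result set even when
        // an exception is thrown (the job of the finally block on older JDKs).
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // at least one row means a match
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // JDBC URL from the thread; DB_USER and DB_PASS are hypothetical
        // environment variables so credentials stay out of the source.
        String url = "jdbc:mysql://localhost:3306/users";
        try (Connection con = DriverManager.getConnection(
                url, System.getenv("DB_USER"), System.getenv("DB_PASS"))) {
            // Sample row described in the thread: black / hgjhhk
            System.out.println(credentialsMatch(con, "black", "hgjhhk"));
            // The literal strings the original query searched for
            System.out.println(credentialsMatch(con, "username", "password"));
        }
    }
}
```

Writing `username='username'` inside the SQL string of a PreparedStatement still searches for the literal text; only a `?` placeholder paired with `setString` sends the submitted value.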
 