File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JDBC and Relational Databases and the fly likes Validate userid and password Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Databases » JDBC and Relational Databases
Bookmark "Validate userid and password" Watch "Validate userid and password" New topic

Validate userid and password

P Arunkumar
Ranch Hand

Joined: Jan 05, 2012
Posts: 119

I need to validate my user-id and password with servlet and jsp concept , iam using MySQL database.

Iam new to development field, please anyone help me to do validation with example and explanation.

Thanks in advance.
sarath j nair

Joined: Nov 10, 2011
Posts: 11

// This is the action for checking your user name and password with db value

public ActionForward verification(ActionMapping mapping, ActionForm form,HttpServletRequest request, HttpServletResponse response)
throws Exception {

ActionForward forward = new ActionForward();
LoginactionForm loginactionForm = (LoginactionForm) form;

//Database connection

Connection con=DriverManager.getConnection("jdbc:mysql://localhost:3306/carrent","DB_USERNAME","DB_PASSWORD");
String sql="select * from login";
Statement st=con.createStatement();
ResultSet rs=null;
String username=loginactionForm.getUsername();
String password=loginactionForm.getPassword();


if((username.equals(rs.getString(1))) && (password.equals(rs.getString(2)))){

forward = mapping.findForward("success");

forward = mapping.findForward("failure");


catch(Exception e)
System.out.println("exception part");
return forward;
sarath j nair

Joined: Nov 10, 2011
Posts: 11


<%@ page language="java"%>
<%@ taglib uri="" prefix="bean"%>
<%@ taglib uri="" prefix="html"%>
<%@ taglib uri="" prefix="logic" %>
<script type="text/javascript">
function check(target){
<FORM METHOD="post" NAME="login" action="">
username<html:text property="username" name="LoginactionForm"></html:text>
Password<html:password property="password" name="LoginactionForm"></html:password>

<input type="submit" value="Submit" onclick="check(0);">
sarath j nair

Joined: Nov 10, 2011
Posts: 11

package action.form; // Add the path of the package means where LoginactionForm saved
import org.apache.struts.action.ActionForm;

public class LoginactionForm extends ActionForm {

private String username;
private String password;

public String getUsername() {
return username;

public void setUsername(String username) {
this.username = username;


public String getPassword() {
return password;

public void setPassword(String password) {
this.password = password;
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63873

That solution is incredibly inefficient. Simply select the one record that matches the entered username and password. There's no need to loop through any records.

[Asking smart questions] [About Bear] [Books by Bear]
chris webster

Joined: Mar 01, 2009
Posts: 2296

Can't help you with the Java/MySQL specific stuff, but the logic of your SQL should check that the input user/password values match the ones in the database i.e. something like SELECT 1 FROM users WHERE user_name = :input_user AND password = :input_password. You also need to allow for encrypted passwords in the database e.g. MD5. If the SQL returns a row, then you know the details match. If not, then you know the user/password combination is wrong.

You should not just fetch all the users into your Java code and compare them. As Bear says, this is inefficient, and it is also insecure: you should not be looking at any other users here. If you code your SQL to check the username and password within the WHERE clause, then you do not need to fetch the stored password at all.

No more Blub for me, thank you, Vicar.
Tim Moores

Joined: Sep 21, 2011
Posts: 2417
sarath j nair wrote:// This is the action for checking your user name and password with db value

I sure hope not. Passwords should never be stored in cleartext in the DB; they should be hashed using an algorithm like SHA-2.
I agree. Here's the link:
subject: Validate userid and password
It's not a secret anymore!