wood burning stoves 2.0*
The moose likes JDBC and the fly likes resultset question. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "resultset question." Watch "resultset question." New topic
Author

resultset question.

Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 979
    
    2
is there anything wrong in this particular code??


can i do like this??
William P O'Sullivan
Ranch Hand

Joined: Mar 28, 2012
Posts: 860

You are missing a {

WP
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2491
    
    8

Where do you close all your resources?


OCUP UML fundamental and ITIL foundation
youtube channel
Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 979
    
    2
okay..it works now after closing all resources..
but is it required to close all resources..?
i mean when i wan not closing resources, it was not redirecting me to success page, and login page again(if user id password is wrong)..
but now it's work..

also can you tell me, when user id and passwords are wrong, i need to redirect it to login page again with message("username and password wrong"), how can i do this??
i can use jsp and servlet.
i think it can be done using param tag, but don't know how..?

Thank You
Wendy Gibbons
Bartender

Joined: Oct 21, 2008
Posts: 1107

your still not using prepatred statements properly, and this is a very vunerable screen, it takes no skill to hack the login screen
prepared statements
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2491
    
    8

Wendy Gibbons wrote:your still not using prepatred statements properly, and this is a very vunerable screen, it takes no skill to hack the login screen
prepared statements


Been posted before, but still funny
Punit Jain
Ranch Hand

Joined: Aug 20, 2011
Posts: 979
    
    2
your still not using prepatred statements properly, and this is a very vunerable screen, it takes no skill to hack the login screen
prepared statements


but how, what i am doing wrong??
is there anything else also which i have to take care, even after using prepared statement??
Wendy Gibbons
Bartender

Joined: Oct 21, 2008
Posts: 1107

the API docs explain how you should be using a prepared statement, you have just taken your old statement string and used it in exactly the same way, so it isn't any safer in a prepared statement that a normal statement.

api
chris webster
Bartender

Joined: Mar 01, 2009
Posts: 1607
    
  13

Punit Jain wrote:
your still not using prepatred statements properly, and this is a very vunerable screen, it takes no skill to hack the login screen
prepared statements


but how, what i am doing wrong??
is there anything else also which i have to take care, even after using prepared statement??

Wendy and Jan have warned you about the vulnerabilty of your approach to SQL injection, which you can fix by using bind variables for your search parameters.

Also, I don't use MySQL myself, but are you sure about those single quotes around your table/column names, and does "&&" work like "AND" in MySQL? Does this SQL work if you run it via the MySQL SQL shell? If not, it won't work in Java either.

Do you really need to do "SELECT * ..." to read everything from your login table e.g. don't you think fetching the password into your Java code might be a security risk?

So yes, there are other things you need to do: You need to read up on how to use bind variables with JDBC to prevent SQL injection, always check your SQL via your database's SQL shell, and you need to think about what you are really trying to do with your SQL instead of just blindly fetching data that should probably be kept securely in your database.


No more Blub for me, thank you, Vicar.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: resultset question.
 
Similar Threads
Java won't send SQL query
Help in database connections
Strange behaviour of ResultSet next method
user authentication servlet problem
Help with this code!