i created a simple application which takes username and password from browser and it will check the availability of those credentials in database if correct it will give "login success" if not "login failure"
even though in my application if i gave correct credentials which are present in my database it is showing as "login failure" i am using mysql database. where lara is database name and in that there is one table names lara.
here are my files.
You should be using a prepared statement. Otherwise, you are wide open for SQL injection attacks.
As the existence of the record is all that matters, doing "select *" is needless; do "select count(*)".
You might want to refactor your try/ctach structure; what you've got is rather unweildly.
i don't know what SQL injection attacks means and what does prepared statement means? as this is simple application to learn please ignoring about sql injection attacks.
i have tried select count(*) from lara WHERE username="+uid+" or password="+pw+";" in servlet but got same result. again it gave me unexpected result.
i couldn't get whats the problem with try catch block. it seems solution you are trying to give me is wide to my knowledge in servlets. could you please narrow it down. where i got wrong?
in authenticateuser() in servlet it is not returning true when i actually enter true username and password present in database it seems. how can it give return when i enter true values?