aspose file tools*
The moose likes JDBC and the fly likes servlet database connectivity example program is giving unexpected results Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Databases » JDBC
Bookmark "servlet database connectivity example program is giving unexpected results" Watch "servlet database connectivity example program is giving unexpected results" New topic
Author

servlet database connectivity example program is giving unexpected results

kiran kumar reddy
Ranch Hand

Joined: Jun 28, 2012
Posts: 94

i created a simple application which takes username and password from browser and it will check the availability of those credentials in database if correct it will give "login success" if not "login failure"

even though in my application if i gave correct credentials which are present in my database it is showing as "login failure" i am using mysql database. where lara is database name and in that there is one table names lara.
here are my files.

below is my web.xml file

below is my html file

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61772
    
  67

A few observations:

  • You should be using a prepared statement. Otherwise, you are wide open for SQL injection attacks.
  • As the existence of the record is all that matters, doing "select *" is needless; do "select count(*)".
  • You might want to refactor your try/ctach structure; what you've got is rather unweildly.


  • [Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
    kiran kumar reddy
    Ranch Hand

    Joined: Jun 28, 2012
    Posts: 94

    Bear Bibeault wrote:A few observations:

  • You should be using a prepared statement. Otherwise, you are wide open for SQL injection attacks.
  • As the existence of the record is all that matters, doing "select *" is needless; do "select count(*)".
  • You might want to refactor your try/ctach structure; what you've got is rather unweildly.


  • i don't know what SQL injection attacks means and what does prepared statement means? as this is simple application to learn please ignoring about sql injection attacks.
    i have tried select count(*) from lara WHERE username="+uid+" or password="+pw+";" in servlet but got same result. again it gave me unexpected result.
    i couldn't get whats the problem with try catch block. it seems solution you are trying to give me is wide to my knowledge in servlets. could you please narrow it down. where i got wrong?

    in authenticateuser() in servlet it is not returning true when i actually enter true username and password present in database it seems. how can it give return when i enter true values?
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: servlet database connectivity example program is giving unexpected results