I am trying to work on user authentication.
There are 2 rows in a MySQL table. I am trying to validate them by comparing them with the inputs from 2 input fields (username and password) on my JSP page.
When I log in using data from the first row of the table, I am forwarded to success.
But when I log in using the data from the second row, I am forwarded to the error page. I believe the resultset is not moving forward to the next row.
I have pasted the code below.
Where am I going wrong?
That isn't really surprising, if you look at the code.
You read the first row and extract the two columns from it. Then you have an if-else structure in which all three branches end with "return". There's no way for the code to ever carry on and read the next row.
But what you are doing wrong is using a query which can return more than one row. A PreparedStatement containing a query like "select 1 from table where user = ? and password = ?" would be much better. Then if one row was returned you have a correct password input, and if zero rows were returned then you don't.
I changed to a PreparedStatement. And now I am able to log in successfully for the 2 users in my table. But when I enter gibberish, I am not forwarded to the error page. Nothing happens! No exceptions either.
The point is you want to continue to extract the usernames and passwords when both of them are not null.
So as Paul Clapham was talking about, if you put up a return in that case it is going to generate just one result and it's going to return, right?
Aparna Ram wrote:
when I enter gibberish, I am not forwarded to the error page. Nothing happens! No exceptions either.
Your query is only selecting things that are equal to your name and pass. If you select only those things, when you enter gibberish you are going to get nothing back and skip your whole rs.next logic, including the page setting.
I assume your userName is a unique field; I don't know how you would do a login based on username and pass if it wasn't. So you can just run your query and if it returns anything, authorize them.
It's also redundant to have a select based on username and password and then check what's returned vs the input used in the select.
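The following is an added example, not code from any post in this thread: it shows the PreparedStatement login check with the zero-row case handled, so a wrong login always ends at the error page instead of falling through. The table name `users`, the column names, the page names and the class and method names are assumptions, since the thread does not show the real schema or code.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    // Assumed table and column names; the thread does not show the real schema.
    // The password column is compared directly, as in the query suggested in the thread.
    private static final String LOGIN_SQL =
            "SELECT 1 FROM users WHERE username = ? AND password = ?";

    // Assumed page names for the two outcomes described in the thread.
    static final String SUCCESS_PAGE = "success.jsp";
    static final String ERROR_PAGE = "error.jsp";

    /** Returns true only when the query matches a row for this username and password. */
    static boolean credentialsMatch(Connection con, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return false; // missing form fields can never match
        }
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username); // bound as data, never concatenated into the SQL
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // Zero rows means a wrong login: rs.next() is false on its first call,
                // so the decision must not live only inside an if/while (rs.next()) body.
                return rs.next();
            }
        }
    }

    /** Chooses the page to forward to; every path returns a page, including zero rows. */
    static String nextPage(Connection con, String username, String password) {
        try {
            return credentialsMatch(con, username, password) ? SUCCESS_PAGE : ERROR_PAGE;
        } catch (SQLException e) {
            // Fail closed: a database error is never treated as a successful login.
            return ERROR_PAGE;
        }
    }
}
```

In a servlet, the returned page name can be passed to `request.getRequestDispatcher(...).forward(request, response)`.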