Hello
After user submits username & password, there is no validation, even if database is connected message is diaplayed. I made a table name login having two fields "Username" & "Password" & inserted some username & password. When user enters right username & password, he will be directed to welcome.jsp otherwise Invalid username & password message will be displayed. But even when user enters right username & password, he gets Invalid username & password. So I think validation is not done. I am using SQLSERVER2000 & TOMCAT4.1.
Here is the code:
<%@ page language="java" %>
<%@ page import = "java.sql.*" %>
<HTML>
<BODY>
<% String user = request.getParameter("user");%>
<% String pwd = request.getParameter("pwd");%>
<%
Connection con=null;
Statement stmt=null;
ResultSet p=null;
try {
// Load the JDBC driver
Driver d = (Driver)Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver").newInstance();
System.out.println("Driver Loaded");
// Create a connection to the database
con = DriverManager.getConnection("jdbc:microsoft:sqlserver://192.168.1.193:1433;databaseName=cme","sa","");
stmt=con.createStatement();
System.out.println("Database Connected");
}
catch (ClassNotFoundException e)
{
System.out.println(e.getMessage());
}
catch (SQLException e)
{
System.out.println(e.getMessage());
}
String query1 = "SELECT Username, Password FROM login WHERE Username = '"+user+"' AND Password = '"+pwd+"'";
p = stmt.executeQuery(query1);
while (p.next())
{
String Puser = p.getString("Username");
String Ppass = p.getString("Password");
}
if (user.equals("Puser") && pwd.equals("Ppass")) {
%>
<jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
<% } else { %>
<h3>Invalid username or password</h3>
<% } %>
</BODY>
</HTML>
-
database connected but no validation? (3 messages)
- Posted by: p s
- Posted on: April 30 2004 08:10 EDT
Threaded Messages (3)
- database connected but no validation? by Paul Strack on April 30 2004 10:31 EDT
- database connected but no validation? by p s on May 02 2004 13:05 EDT
- database connected but no validation? by p s on May 03 2004 05:21 EDT
-
database connected but no validation?[ Go to top ]
- Posted by: Paul Strack
- Posted on: April 30 2004 10:31 EDT
- in response to p s
If the user is not in the database, the resultset will be empty, so the following code is flawed:while (p.next())
Since an empty result indicates an invalid user, you should change your logic to:
{
String Puser = p.getString("Username");
String Ppass = p.getString("Password");
}
if (user.equals("Puser") && pwd.equals("Ppass")) {
%>
<jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
<% } else { %>
<h3>Invalid username or password</h3>
<% } %>if (p.next()) {
%>
<jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
<% } else { %>
<h3>Invalid username or password</h3>
<% } %> -
database connected but no validation?[ Go to top ]
- Posted by: p s
- Posted on: May 02 2004 13:05 EDT
- in response to Paul Strack
user is in database & I have given right username & right password even then no validation & invalid username & password message is displayed. -
database connected but no validation?[ Go to top ]
- Posted by: p s
- Posted on: May 03 2004 05:21 EDT
- in response to Paul Strack
Thanks it worked.