database connected but no validation?

Discussions

Web tier: servlets, JSP, Web frameworks: database connected but no validation?

  1. database connected but no validation? (3 messages)

    Hello

    After user submits username & password, there is no validation, even if database is connected message is diaplayed. I made a table name login having two fields "Username" & "Password" & inserted some username & password. When user enters right username & password, he will be directed to welcome.jsp otherwise Invalid username & password message will be displayed. But even when user enters right username & password, he gets Invalid username & password. So I think validation is not done. I am using SQLSERVER2000 & TOMCAT4.1.

    Here is the code:

    <%@ page language="java" %>
    <%@ page import = "java.sql.*" %>

    <HTML>
    <BODY>

    <% String user = request.getParameter("user");%>
    <% String pwd = request.getParameter("pwd");%>

    <%
    Connection con=null;
    Statement stmt=null;
    ResultSet p=null;

    try {
    // Load the JDBC driver
    Driver d = (Driver)Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver").newInstance();
    System.out.println("Driver Loaded");

    // Create a connection to the database
    con = DriverManager.getConnection("jdbc:microsoft:sqlserver://192.168.1.193:1433;databaseName=cme","sa","");
    stmt=con.createStatement();
    System.out.println("Database Connected");
    }

    catch (ClassNotFoundException e)
    {
    System.out.println(e.getMessage());
    }
    catch (SQLException e)
    {
    System.out.println(e.getMessage());
    }

    String query1 = "SELECT Username, Password FROM login WHERE Username = '"+user+"' AND Password = '"+pwd+"'";

    p = stmt.executeQuery(query1);

    while (p.next())
    {
    String Puser = p.getString("Username");
    String Ppass = p.getString("Password");
    }
    if (user.equals("Puser") && pwd.equals("Ppass")) {
    %>
    <jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
    <% } else { %>

    <h3>Invalid username or password</h3>

    <% } %>

    </BODY>
    </HTML>
  2. database connected but no validation?[ Go to top ]

    If the user is not in the database, the resultset will be empty, so the following code is flawed:
    while (p.next())
    {
    String Puser = p.getString("Username");
    String Ppass = p.getString("Password");
    }
    if (user.equals("Puser") && pwd.equals("Ppass")) {
    %>
    <jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
    <% } else { %>

    <h3>Invalid username or password</h3>

    <% } %>
    Since an empty result indicates an invalid user, you should change your logic to:
    if (p.next()) {
    %>
    <jsp:forward page = "http://192.168.1.193:8080/cimmeshop/jsp/welcome.jsp"/>
    <% } else { %>

    <h3>Invalid username or password</h3>

    <% } %>
  3. database connected but no validation?[ Go to top ]

    user is in database & I have given right username & right password even then no validation & invalid username & password message is displayed.
  4. database connected but no validation?[ Go to top ]

    Thanks it worked.