Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Login validation in JSP

pjdas (Programmer) (OP)
25 Feb 03 0:14
I'm trying to do login validation from my jsp page. I have two jsp page. One login.jsp which create login form and second is validation.jsp..which should check username and password to database table, to make sure that username and password exit.And if it does it should send user to other page,or if it doesnt then send to error page. so how im missing something in my validation.jsp. i cant seems to figure it out.
Here is my validation.jsp code

<html>
<head>
<title>store data in database</title>
</head>
<%@ page import="java.sql.*" %>
<body>

<%
String userName=request.getParameter("userName");
String secretWord=request.getParameter("secretWord");
%>

<%
String connURL = "jdbc:oracle:thin:@orca.csc.ncsu.edu:1521:ORCL";
    Connection conn = null;
    Statement stmt = null;
    ResultSet rs = null;
    try{
        Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
        conn = DriverManager.getConnection(connURL, "vapatel","pjdas");
        stmt = conn.createStatement();


     String sqlStatement = "SELECT * FROM Login WHERE Username = '"+userName+"' AND Password='"+secretWord+"'" ;      stmt.executeUpdate(sqlStatement);
     stmt.close();     
        
    } catch (ClassNotFoundException e) {
        System.err.println("Couldn't find the mm " + "database driver: "
        + e.getMessage());
    } catch (InstantiationException e) {
        System.err.println(e.getMessage());
    } catch (IllegalAccessException e) {
        System.err.println(e.getMessage());
    } catch (SQLException e) {
         System.err.println("SQL problem: " + e.getMessage());
         System.err.println("SQL state: " + e.getSQLState());
         System.err.println("Vendor error: " + e.getErrorCode());
    } finally {
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (SQLException e) {
            System.err.println(e.getMessage());
        }
    }
    


%>

<h2> Thank You</h2>
The Database has been updated.
</body>
idarke (Programmer)
25 Feb 03 9:28
Are you getting an exception?  A compile error?
pjdas (Programmer) (OP)
25 Feb 03 10:34
idarke, thanks for reply
I'm not getting any exception or compile error. I just that it doesnt check that the username and password are corret.I tried putting wrong username and password. it still went through and print out "Thank you  The database has been updated." But it should check.and send it to error page. Do u know.how to send it to error page.
idarke (Programmer)
25 Feb 03 11:08
OK.  First, you should be calling executeQuery instead of executeUpdate.   You're doing a select statement which will only pull data from the database, not update it.  If you're just checking to see if a username/password is valid, that's all you need to do anyway.

The executeQuery will return a ResultSet object, which you have to examine to see if the select got anything.   Since you're using both username and password in the select, then getting ANY information back in the ResultSet would mean the user is valid:

      java.sql.ResultSet rs = stmt.executeQuery();
      if (rs.next())
      {
           // user is valid
      }
      else
      {
          // user is evil hacker
      }

If your user database has security settings, etc in it then you could extract that information from the ResultSet.
pjdas (Programmer) (OP)
25 Feb 03 12:58
Thanks your idarke for ur help.
I got it now...
pjdas (Programmer) (OP)
25 Feb 03 22:35
Hi idarke
  I tried to make it work, using ur suggestion. its complies. Way i implemted so if correct username and password pass in login page it should forward to form.jsp, and when its not then it should send to useraccount.jsp. But when i put correct username and password it send me to useraccount rather then to form.jsp..I think something wrong with my logic.can u able to help me.

Validation.jsp

<html>
<head>
<title>store data in database</title>
</head>
<%@ page import="java.sql.*" %>
<body>

<%
String userName=request.getParameter("userName");
String secretWord=request.getParameter("secretWord");
%>

<%
String connURL = "jdbc:oracle:thin:@orca.csc.ncsu.edu:1521:ORCL";
    Connection conn = null;
    Statement stmt = null;
    ResultSet rs = null;
    try{
Class.forName"oracle.jdbc.driver.OracleDriver").newInstance();
conn = DriverManager.getConnection connURL, "vapatel","pjdas");
stmt = conn.createStatement();

     rs =stmt.executeQuery ("SELECT * FROM Login WHERE USERNAME ='"+userName+"' AND PASSWORD='"+secretWord+"'");     
    
  if (rs.next()){
      %> <jsp:forward page="form.jsp"/> <%
      }
      else
      {
        %> <jsp:forward page="Useraccount.jsp"/> <%

      }
    stmt.close();

    } catch (ClassNotFoundException e) {
        System.err.println("Couldn't find the mm " + "database driver: "
        + e.getMessage());
    } catch (InstantiationException e) {
        System.err.println(e.getMessage());
    } catch (IllegalAccessException e) {
        System.err.println(e.getMessage());
    } catch (SQLException e) {
         System.err.println("SQL problem: " + e.getMessage());
         System.err.println("SQL state: " + e.getSQLState());
         System.err.println("Vendor error: " + e.getErrorCode());
    } finally {
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (SQLException e) {
            System.err.println(e.getMessage());
        }
    }
    


%>

</body>

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close