Login validation in JSP

Status
Not open for further replies.

pjdas

Programmer
Joined
Feb 24, 2003
Messages
5
Location
US
I'm trying to do login validation from my JSP page. I have two JSP pages: login.jsp, which creates the login form, and validation.jsp, which should check the username and password against a database table to make sure that the username and password exist. If they do, it should send the user to another page; if they don't, it should send the user to an error page. I'm missing something in my validation.jsp and I can't seem to figure it out.
Here is my validation.jsp code:

<html>
<head>
<title>store data in database</title>
</head>
<%@ page import="java.sql.*" %>
<body>

<%
String userName=request.getParameter("userName");
String secretWord=request.getParameter("secretWord");
%>

<%
String connURL = "jdbc:oracle:thin:@orca.csc.ncsu.edu:1521:ORCL";
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try {
    Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
    conn = DriverManager.getConnection(connURL, "vapatel","pjdas");
    stmt = conn.createStatement();

    String sqlStatement = "SELECT * FROM Login WHERE Username = '"+userName+"' AND Password='"+secretWord+"'";
    stmt.executeUpdate(sqlStatement);
    stmt.close();

} catch (ClassNotFoundException e) {
    System.err.println("Couldn't find the mm " + "database driver: "
        + e.getMessage());
} catch (InstantiationException e) {
    System.err.println(e.getMessage());
} catch (IllegalAccessException e) {
    System.err.println(e.getMessage());
} catch (SQLException e) {
    System.err.println("SQL problem: " + e.getMessage());
    System.err.println("SQL state: " + e.getSQLState());
    System.err.println("Vendor error: " + e.getErrorCode());
} finally {
    try {
        if (conn != null) {
            conn.close();
        }
    } catch (SQLException e) {
        System.err.println(e.getMessage());
    }
}
%>

<h2> Thank You</h2>
The Database has been updated.
</body>
 
Are you getting an exception? A compile error?
 
idarke, thanks for the reply.
I'm not getting any exception or compile error. It's just that it doesn't check that the username and password are correct. I tried putting in a wrong username and password; it still went through and printed out "Thank you The database has been updated." But it should check and send it to the error page. Do you know how to send it to the error page?
 
OK. First, you should be calling executeQuery instead of executeUpdate. You're doing a select statement which will only pull data from the database, not update it. If you're just checking to see if a username/password is valid, that's all you need to do anyway.

The executeQuery will return a ResultSet object, which you have to examine to see if the select got anything. Since you're using both username and password in the select, then getting ANY information back in the ResultSet would mean the user is valid:

// executeQuery on a plain Statement takes the SQL text as its argument
java.sql.ResultSet rs = stmt.executeQuery(sqlStatement);
if (rs.next())
{
    // user is valid
}
else
{
    // user is evil hacker
}

If your user database has security settings, etc. in it, then you could extract that information from the ResultSet.
 
Thanks idarke for your help.
I got it now...
 
Hi idarke,
I tried to make it work using your suggestion. It compiles. The way I implemented it, if the correct username and password are passed in from the login page it should forward to form.jsp, and when they are not it should send to useraccount.jsp. But when I put in the correct username and password it sends me to useraccount rather than to form.jsp. I think something is wrong with my logic. Are you able to help me?

Validation.jsp

<html>
<head>
<title>store data in database</title>
</head>
<%@ page import="java.sql.*" %>
<body>

<%
String userName=request.getParameter("userName");
String secretWord=request.getParameter("secretWord");
%>

<%
String connURL = "jdbc:oracle:thin:@orca.csc.ncsu.edu:1521:ORCL";
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try {
    Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
    conn = DriverManager.getConnection(connURL, "vapatel","pjdas");
    stmt = conn.createStatement();

    rs = stmt.executeQuery("SELECT * FROM Login WHERE USERNAME ='"+userName+"' AND PASSWORD='"+secretWord+"'");

    if (rs.next()) {
        %> <jsp:forward page="form.jsp"/> <%
    }
    else
    {
        %> <jsp:forward page="Useraccount.jsp"/> <%
    }
    stmt.close();

} catch (ClassNotFoundException e) {
    System.err.println("Couldn't find the mm " + "database driver: "
        + e.getMessage());
} catch (InstantiationException e) {
    System.err.println(e.getMessage());
} catch (IllegalAccessException e) {
    System.err.println(e.getMessage());
} catch (SQLException e) {
    System.err.println("SQL problem: " + e.getMessage());
    System.err.println("SQL state: " + e.getSQLState());
    System.err.println("Vendor error: " + e.getErrorCode());
} finally {
    try {
        if (conn != null) {
            conn.close();
        }
    } catch (SQLException e) {
        System.err.println(e.getMessage());
    }
}
%>

</body>
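
Added example, not part of the original thread: both queries posted above build the SQL text by concatenating request parameters, so the statement's structure depends on what the user types. The same lookup with bound parameters via `PreparedStatement`, combined with the `rs.next()` check from the reply, looks like this. `LoginCheck`, `isValidLogin` and `concatenated` are hypothetical names; the `Login` table and its columns are taken from the posts, and the sample input in `main` is constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Added example (hypothetical helper, not code from the thread). */
public final class LoginCheck {

    // Same table and columns as the thread's query; the values are bound
    // as parameters instead of being concatenated into the SQL text.
    static final String LOGIN_SQL =
        "SELECT 1 FROM Login WHERE Username = ? AND Password = ?";

    /** The thread's concatenated form, kept only to compare the SQL text. */
    static String concatenated(String userName, String secretWord) {
        return "SELECT * FROM Login WHERE Username = '" + userName
             + "' AND Password='" + secretWord + "'";
    }

    /** Returns true when a row matches both values. */
    public static boolean isValidLogin(Connection conn, String userName,
                                       String secretWord) throws SQLException {
        if (userName == null || secretWord == null) {
            return false;   // missing form field: reject without querying
        }
        try (PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, userName);
            ps.setString(2, secretWord);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();   // any row back means the pair matched
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a legitimate name containing an apostrophe.
        String sql = concatenated("O'Brien", "s3cret");
        long quotes = sql.chars().filter(c -> c == '\'').count();
        // An odd quote count means an unbalanced string literal: the input
        // has altered the statement itself. LOGIN_SQL never changes.
        System.out.println(quotes + " quotes in: " + sql);
        System.out.println("parameterized: " + LOGIN_SQL);
    }
}
```

In validation.jsp the scriptlet would call `LoginCheck.isValidLogin(conn, userName, secretWord)` and forward on the boolean result, assuming the class is on the web application's classpath.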
 