I have a MySQL database where I have a userid and a password column. Each of them has the value "mads". I have some problems that I have been struggling with some days now, because I didn't program so long time. I have a JSP page where I have my form and a servlet who makes the connection to the MySQL database. When i put in mads in userid and password I get always the message "You are not valid". That means it dosent give me the answer "The user is valid", as I would like to. I would not like to create a user, I would just like to check if the user exist in the database. My JSP and servlet code is here: I hope somebody can help me, because I really don't know what is wrong.
Best Regards Mads
<%@ page language="java" contentType="text/html; charset=US-ASCII"
pageEncoding="US-ASCII"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Validation</title>
<style type="text/css">
/* border-radius er rundt hjørner på input..*/
input[type=text] {padding:5px; border:2px solid #ccc; webkit-border-radius: 5px; border-radius:5px;}
input[type=text]:focus{border-color:yellow;}
input[type=password] {padding:5px; border:2px solid #ccc; webkit-border-radius: 5px; border-radius:5px;}
input[type=password]:focus{border-color:yellow;}
input[type=submit] {padding: 5px 15px; background:#ccc; border:0 none; cursor:pointer; webkit-border-radius:5px; border-radius: 5px;}
</style>
</head>
<body>
<br><br><br>
<center>
<h1>Please enter user name and password</h1>
<form name="frm" action="LoginValidation" method="post">
<input type="text" name="user">
<input type ="password" name="pass">
<input type="submit" value="Check" class="submit">
</form>
</center>
</body>
And My Servlet:
import java.io.*;
//import java.util.*;
import java.sql.*;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import javax.servlet.*;
@WebServlet(urlPatterns = {"/LoginValidation"})
public class Validation extends HttpServlet {
private static final long serialVersionUID = 1L;
private ServletConfig config;
public void init (ServletConfig config)
throws ServletException{
this.config = config;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException {
PrintWriter out = response.getWriter();
String connectionURL = "jdbc:mysql://localhost/dblogin";
Connection connection = null;
ResultSet rs;
String userid = request.getParameter("userid");
String password =request.getParameter("password");
////and your select statement
try{
String sql = "SELECT * FROM login WHERE userid = ? AND password = ?";
Class.forName("com.mysql.jdbc.Driver"); connection = DriverManager.getConnection(connectionURL, "root", "");
PreparedStatement preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, userid);
preparedStatement.setString(2, password);
Statement s = connection.createStatement();
rs =preparedStatement.executeQuery();
////if there are next ib rs so you have a user by this id and password
if(rs.next()) {
out.println("The user is valid");
}
else {
out.println("You are not valid");
}
}catch(Exception e) {
System.out.println("The exception is" + e);
}
}
}
Probable fix:
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,IOException {
PrintWriter out = response.getWriter();
String connectionURL = "jdbc:mysql://localhost/dblogin";
Connection connection = null;
PreparedStatement preparedStatement = null;
ResultSet rs = null;
String userid = request.getParameter("user");
String password = request.getParameter("password");
response.setContentType("text/html");
try {
// Load the database driver
Class.forName("com.mysql.jdbc.Driver");
connection = DriverManager.getConnection(connectionURL, "root", "");
//Add the data into the database
String sql = "SELECT * FROM login WHERE userid = ? AND password = ?";
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, userid);
preparedStatement.setString(2, password);
rs = preparedStatement.executeQuery();
if(rs.next()) {
// redirect or print but not both...
out.println("The user is valid");
// response.sendRedirect("index_true.jsp");
} else {
out.println("You are not valid");
}
} catch(Exception e) {
System.out.println("Exception is: " + e);
} finally {
// TODO: check for nullity
rs.close();
preparedStatement.close();
connection.close();
}
}
Fixed:
(there might still be some issues, this was not tested)