• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

dont understand implementation sessions

 
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, glad i found this great forum which hopefully will be a great help. This is what i'm trying to work on.

A user 'A' is able to login using his name and password. How i do this is that the values are checked against a sql table. It works fine. Now after login the user must be able to insert,update and delete database elements in the jsp website. I can get that to work also.

My problem is, each user is identified by a unique ID. Based on this id then the changes to the database will take place. For example user 'B' will see different data from the database compared to user 'A' after login.

How do i implement this. I know i need to use sessions. But how do i use sessions to link with a primary key in a database. Any form of help is truely and greatly appreciated. Thank you...
[ June 02, 2006: Message edited by: Bear Bibeault ]
 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I dont know what exactly you are trying to achieve. What I can think of right now is, try creating a UserBean which has all necessary information. After user logs in, you can store that user bean into session and then use it wherever you need to check for the user.
 
Sheriff
Posts: 67750
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Since this is much more about table design and usage than JSP, I've moved this to the JDBC forum.
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is a more detailed explanation of what i'm trying to acheive. I have a jsp website which connects to a mysql databse. Each user is given a username and password. Once they login they are able to use html forms to update their personal information or makes changes to it. Therefore each user has unique information stored in the database. In the database each user is uniquely identifed by a userID.


So what is the best way to work with this problem. How do i use the login information provided by the user to reference the data in the database and present it out on the webpage. So that they can update or view the information. Each user is unique.
 
Bear Bibeault
Sheriff
Posts: 67750
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If each row in a table is "owned" by a particular user, and you only want that user to be able to access it, you could add an "owner" column to the table in which you store the user id of the owner.

Then, qualify all your selects with a where clause fragment such as "where owner = ?" and supply the current user id. Your business logic should also always check that the current user id and the owner id of any record being processed match.

Those with deeper table design experience may have other ideas...
[ June 02, 2006: Message edited by: Bear Bibeault ]
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your reply.

Is it possible to use the unique identifier userid to do the matching. I tried this. To save the username entered by the user as a session. THen use that to reference agianst the mysql database. But it does not work. I get this error -

javax.servlet.ServletException: Unknown column 'entered user name' in 'where clause'


This is my code


<%@ page language="java" %>
<%@ page import="java.sql.*" %>
<%
String username=(String) session.getAttribute("username");
if(username==null) username="";
%>


<% Class.forName("com.mysql.jdbc.Driver"); %>


<%
Connection connection = DriverManager.getConnection(



"jdbc:mysql://localhost:3306/*****","*****","******");




Statement statement = connection.createStatement() ;
ResultSet resultset =
statement.executeQuery("select no from details where name="+username );





%>

<TABLE BORDER="1">
<TR>
<TH>Name</TH>
</TR>
<% while(resultset.next()){ %>
<TR>
<TD>
<%= resultset.getString("no")%>
</TD>
</TR>
<% } %>




<html>
<head>
<title>Show Saved Name</title>
</head>
<body>
<p>Welcome: <%=username%><p>



</body>

[ June 02, 2006: Message edited by: vanan sara ]
[ June 02, 2006: Message edited by: vanan sara ]
 
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
JDBC 101 - almost every beginner thinks that using Statement is the best way to get started learning JDBC; it's not. It has so many traps for the unwary, you should invest the effort and learn to use PreparedStatement.

1. Easier syntax (in the long run).
2. More secure.
3. Faster on many databases (in the long run).
4. Helps you avoid implicit type conversions in the database, whcih can be the source of some really insidious bugs.
And other reasons...

In your case, do this:


The error you're getting is because the SQL you're constructing is wrong; String values inserted into sql strings (to be used as some character type such as CHAR or VARCHAR on the database side), have to be enclosed in single-quotes, e.g.:
String SQL = "SELECT a_column, b_column FROM a_table WHERE c_column = 'some value'";
However, when you have a lot of String variables that need to go into your SQL, constructing a statement with the literal values embedded in it gets real messy, real fast, especially when you have data that may have single-quotes embedded in them. Use PreparedStatement, avoid headaches and eye-strain...
[ June 02, 2006: Message edited by: stu derby ]
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you so much for your help, it works!!


Now i need to read up more on PreparedStatement...
 
this is supposed to be a surprise, but it smells like a tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic