
Don't understand implementation sessions

 
vanan saravanan
Ranch Hand
Posts: 95
Hi, glad I found this great forum, which hopefully will be a great help. This is what I'm trying to work on.

A user 'A' is able to log in using his name and password. How I do this is that the values are checked against a SQL table. It works fine. Now after login the user must be able to insert, update and delete database elements in the JSP website. I can get that to work also.

My problem is, each user is identified by a unique ID. Based on this ID then the changes to the database will take place. For example, user 'B' will see different data from the database compared to user 'A' after login.

How do I implement this? I know I need to use sessions. But how do I use sessions to link with a primary key in a database? Any form of help is truly and greatly appreciated. Thank you...
[ June 02, 2006: Message edited by: Bear Bibeault ]
 
Hiren Pathak
Greenhorn
Posts: 21
I don't know what exactly you are trying to achieve. What I can think of right now is: try creating a UserBean which has all the necessary information. After the user logs in, you can store that user bean in the session and then use it wherever you need to check for the user.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65335
Since this is much more about table design and usage than JSP, I've moved this to the JDBC forum.
 
vanan saravanan
Ranch Hand
Posts: 95
This is a more detailed explanation of what I'm trying to achieve. I have a JSP website which connects to a MySQL database. Each user is given a username and password. Once they log in they are able to use HTML forms to update their personal information or make changes to it. Therefore each user has unique information stored in the database. In the database each user is uniquely identified by a userID.

So what is the best way to work with this problem? How do I use the login information provided by the user to reference the data in the database and present it on the webpage, so that they can update or view the information? Each user is unique.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65335
If each row in a table is "owned" by a particular user, and you only want that user to be able to access it, you could add an "owner" column to the table in which you store the user id of the owner.

Then, qualify all your selects with a where clause fragment such as "where owner = ?" and supply the current user id. Your business logic should also always check that the current user id and the owner id of any record being processed match.

Those with deeper table design experience may have other ideas...
[ June 02, 2006: Message edited by: Bear Bibeault ]
 
vanan saravanan
Ranch Hand
Posts: 95
Thank you for your reply.

Is it possible to use the unique identifier userid to do the matching? I tried this: to save the username entered by the user as a session, then use that to reference against the MySQL database. But it does not work. I get this error -

javax.servlet.ServletException: Unknown column 'entered user name' in 'where clause'


This is my code


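<%@ page language="java" %>
<%@ page import="java.sql.*" %>
<%
    // Username stored in the session at login; fall back to an empty string
    String username = (String) session.getAttribute("username");
    if (username == null) username = "";

    Class.forName("com.mysql.jdbc.Driver");
    Connection connection = DriverManager.getConnection(
        "jdbc:mysql://localhost:3306/*****", "*****", "******");

    Statement statement = connection.createStatement();
    // The username is concatenated without quotes, so MySQL reads it as a
    // column name: this is the line that raises the "Unknown column" error
    ResultSet resultset =
        statement.executeQuery("select no from details where name=" + username);
%>
<html>
<head>
<title>Show Saved Name</title>
</head>
<body>
<TABLE BORDER="1">
<TR>
<TH>Name</TH>
</TR>
<% while (resultset.next()) { %>
<TR>
<TD>
<%= resultset.getString("no") %>
</TD>
</TR>
<% } %>
</TABLE>
<p>Welcome: <%=username%></p>
</body>
</html>
<%
    // Release the JDBC resources once the page has been rendered
    resultset.close();
    statement.close();
    connection.close();
%>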

[ June 02, 2006: Message edited by: vanan sara ]
 
stu derby
Ranch Hand
Posts: 333
JDBC 101 - almost every beginner thinks that using Statement is the best way to get started learning JDBC; it's not. It has so many traps for the unwary, you should invest the effort and learn to use PreparedStatement.

1. Easier syntax (in the long run).
2. More secure.
3. Faster on many databases (in the long run).
4. Helps you avoid implicit type conversions in the database, which can be the source of some really insidious bugs.
And other reasons...

In your case, do this:


The error you're getting is because the SQL you're constructing is wrong; String values inserted into sql strings (to be used as some character type such as CHAR or VARCHAR on the database side), have to be enclosed in single-quotes, e.g.:
String SQL = "SELECT a_column, b_column FROM a_table WHERE c_column = 'some value'";
However, when you have a lot of String variables that need to go into your SQL, constructing a statement with the literal values embedded in it gets real messy, real fast, especially when you have data that may have single-quotes embedded in them. Use PreparedStatement, avoid headaches and eye-strain...
[ June 02, 2006: Message edited by: stu derby ]
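
The two suggestions in this thread (an "owner" column checked on every statement, and PreparedStatement in place of Statement) combined in one class, as an added example that is not part of the original posts. The `details` table and `no` column come from the thread; the `owner` column follows Bear Bibeault's suggestion, and the `phone` column, the class name and the method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/** Added example: owner-scoped access to the thread's `details` table. */
public class DetailsDao {
    // `owner` holds the user id of the row's owner (assumed column);
    // `phone` is a hypothetical field the user may edit.
    private static final String SELECT_OWN =
        "SELECT no FROM details WHERE owner = ?";
    private static final String UPDATE_OWN =
        "UPDATE details SET phone = ? WHERE no = ? AND owner = ?";

    private final Connection connection;

    public DetailsDao(Connection connection) {
        this.connection = connection;
    }

    /** Rows belonging to the logged-in user; userId must come from the session. */
    public List<String> findOwn(int userId) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = connection.prepareStatement(SELECT_OWN)) {
            ps.setInt(1, userId);   // bound as a value, so no quoting is involved
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString("no"));
                }
            }
        }
        return rows;
    }

    /** Returns false when the row does not exist or belongs to another user. */
    public boolean updateOwn(int userId, int no, String phone) throws SQLException {
        try (PreparedStatement ps = connection.prepareStatement(UPDATE_OWN)) {
            ps.setString(1, phone); // embedded single quotes are handled by the driver
            ps.setInt(2, no);
            ps.setInt(3, userId);
            // No matching row means the owner check in the WHERE clause failed
            return ps.executeUpdate() > 0;
        }
    }
}
```

In the JSP, the id passed as `userId` would be the value stored in the session at login (for example under a hypothetical `"userId"` attribute), not a request parameter, so a user cannot ask for another user's rows by editing a form field.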
 
vanan saravanan
Ranch Hand
Posts: 95
Thank you so much for your help, it works!!


Now I need to read up more on PreparedStatement...
 