
java.lang.Number Format Error

 
vanan saravanan
Hi, this is what I'm trying to do. It's a login page. I have the code below but it does not seem to work. I get the following error: Apache Tomcat/4.0.4 - HTTP Status 500 - Internal Server Error. java.lang.NumberFormatException: null.


I think the problem lies here. In constructing the MySQL database, I'm not sure about:

userName -- data type = VARCHAR(20)
password -- data type = VARCHAR(10)
lastLogon -- what data type must I use? Must be large enough to hold System.currentTimeMillis().



<%@ page import="java.sql.*" %>

<%

String userName = request.getParameter("userName");
String password = request.getParameter("password");
String lastLogon = request.getParameter("lastLogon");
long lastLogonForm = Long.parseLong(lastLogon);

Connection con = null;
Statement stmt = null;
ResultSet rs = null;
RequestDispatcher rd = request.getRequestDispatcher("home.jsp"); //forward to home page by default
try {
    //Change the next 3 lines to use correct values in your own environment

    String dbURL = "jdbc:mysql://localhost:3306/***";
    Class.forName("com.mysql.jdbc.Driver");
    con = DriverManager.getConnection(dbURL, "***", "***");

    stmt = con.createStatement();
    rs = stmt.executeQuery("select password, lastLogon from USER where userName = '" + userName + "'");

    if (rs.next()) { //query only returns 1 record in the result set

        if (rs.getString("password").equals(password)) { //if valid password
            long lastLogonDB = rs.getLong("lastLogon");
            if (lastLogonForm > lastLogonDB) {
                session.setAttribute("User", userName); //Saves user name string in the session object
                stmt.executeUpdate("update USER set lastLogon= " + lastLogonForm + " where userName = '" + userName + "'");
            }
            else {
                request.setAttribute("Error", "Session has ended. Please login.");
                rd = request.getRequestDispatcher("login.jsp");
            }
        }
        else { //password does not match, i.e. invalid user password
            request.setAttribute("Error", "Invalid password.");
            rd = request.getRequestDispatcher("login.jsp");
        }
    } //no record in the result set, i.e. invalid user name
    else {
        request.setAttribute("Error", "Invalid user name.");
        rd = request.getRequestDispatcher("login.jsp");
    }
}
catch (Exception e) { //database problem
    request.setAttribute("Error", "Problem accessing security realm.");
    rd = request.getRequestDispatcher("login.jsp");
    e.printStackTrace();
}
finally {
    try {
        stmt.close();
        con.close();
    }
    catch (Exception ignore) {
    }
}

rd.forward(request, response);

%>
 
Christophe Verré
Your problem seems more about what's in lastLogon, rather than its type.
It seems to be null when you read it.
 
vanan saravanan
lastLogon is null when I first create the database. So what value do I enter into the field so that the error would not occur? Also, what's the best data type to use for the field? Thank you for your assistance.
 
Richard Green

rs = stmt.executeQuery("select password, lastLogon from USER where userName = '" + userName + "'");

if (rs.next()) { //query only returns 1 record in the result set

Ever heard of SQL injection?
 
vanan saravanan
I'm sorry, but what's SQL injection? Is it related to the database field being empty and I can't read from it?
 
Bear Bibeault
Since this is unrelated to JSP, I've moved it to the JDBC forum.
 
stu derby
Originally posted by vanan sara:
I'm sorry, but what's SQL injection? Is it related to the database field being empty and I can't read from it?


"SQL injection" is a classic and very common way of hacking into a web application; your code is a close match to the standard example of how to make yourself a victim of a SQL injection attack.

Use Google or search this forum for more information.
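Added example, not part of any post in this thread: the thread's two queries rewritten with java.sql.PreparedStatement, next to the original concatenation, plus a null-safe parse for the lastLogon request parameter. The class and method names are hypothetical, the inputs in main are constructed, and it assumes Java 7+ (try-with-resources) and the USER table from the original post.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class LoginQueryExample {
    // The thread's approach: the user name becomes part of the SQL text.
    static String concatenatedQuery(String userName) {
        return "select password, lastLogon from USER where userName = '" + userName + "'";
    }

    // request.getParameter() returns null for a missing field, and Long.parseLong(null)
    // throws NumberFormatException; treat missing or non-numeric input as "no value".
    static long parseLastLogon(String raw) {
        if (raw == null) return -1L;
        try { return Long.parseLong(raw.trim()); }
        catch (NumberFormatException e) { return -1L; }
    }

    // Parameterized lookup: fixed SQL text, userName bound as data.
    // Returns the stored lastLogon, or -1 for an unknown user or wrong password.
    static long lastLogonFor(Connection con, String userName, String password) throws SQLException {
        String sql = "select password, lastLogon from USER where userName = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next() && password != null && password.equals(rs.getString("password"))) {
                    return rs.getLong("lastLogon");
                }
                return -1L;
            }
        }
    }

    static void recordLogon(Connection con, String userName, long lastLogon) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("update USER set lastLogon = ? where userName = ?")) {
            ps.setLong(1, lastLogon);
            ps.setString(2, userName);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs, not from the thread; no database is needed for this part.
        System.out.println(concatenatedQuery("alice"));
        System.out.println(concatenatedQuery("O'Brien"));
        System.out.println(parseLastLogon(null));
    }
}
```

With the constructed name O'Brien the concatenated statement contains an unbalanced quote, because the input is parsed as SQL text; in the PreparedStatement methods the same value is bound as data.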
 
vanan saravanan
I have read up and understood what SQL injection is. SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.

I will look into it on my next coding practice.


But my problem is lastLogon being null when it's first being read. What do I enter into the database field when the field is created? Also, what is the best datatype to use for the field?


Thank you for your assistance....
 
Paul Clapham
Well, I don't see why this is a difficult question. You say yourself
Must be large enough to hold System.currentTimeMillis().
This is a long value -- that is, it's a number with zero decimal places. And you can find out for yourself, with a one-line test program, how many digits you are going to need.

I also don't see how you're getting errors -- or even reading data at all -- when you don't have the database defined yet. Once you get the database defined properly, you won't have the "null" problem because you will have used a column type that returns long values. You only have that problem because you are implementing things in the wrong order.
 
vanan saravanan
Managed to solve the problem. I define my field as a 'char' with a start value of '1'. It then works. Thank you for all assistance.
 