• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

java .lang .Number Format Error

 
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, this is what i'm trying to do. Its a login page. I have the code below but it does not seem to work. I get the following error Apache Tomcat/4.0.4 - HTTP Status 500 - Internal Server Error. java.lang.NumberFormatException: null.


I think the problem lies here. In constructing mysql database, i'm not sure in

userName -- data type = VARCHAR(20)
password -- data type = VARCHAR(10)
lastLogon -- what data type must i use. Must be large enough to hold System.currentTimeMillis().



<%@ page import="java.sql.*" %>

<%

String userName = request.getParameter("userName");
String password = request.getParameter("password");
String lastLogon = request.getParameter("lastLogon");
long lastLogonForm = Long.parseLong(lastLogon);

Connection con = null;
Statement stmt = null;
ResultSet rs = null;
RequestDispatcher rd = request.getRequestDispatcher("home.jsp"); //forward to home page by default
try {
//Change the next 3 lines to use correct values in your own environment

String dbURL = "jdbc:mysql://localhost:3306/***";
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection(dbURL, "***", "***");



stmt = con.createStatement();
rs = stmt.executeQuery("select password, lastLogon from USER where userName = '" + userName + "'");

if (rs.next()) { //query only returns 1 record in the result set

if (rs.getString("password").equals(password)) { //if valid password
long lastLogonDB = rs.getLong("lastLogon");
if (lastLogonForm > lastLogonDB) {
session.setAttribute("User", userName); //Saves user name string in the session object
stmt.executeUpdate("update USER set lastLogon= " + lastLogonForm + " where userName = '" + userName + "'");
}
else {
request.setAttribute("Error", "Session has ended. Please login.");
rd = request.getRequestDispatcher("login.jsp");
}
}
else{ //password does not match,i.e. invalid user password
request.setAttribute("Error", "Invalid password.");
rd = request.getRequestDispatcher("login.jsp");
}
} //no record in the result set,i.e. invalid user name
else {
request.setAttribute("Error", "Invalid user name.");
rd = request.getRequestDispatcher("login.jsp");
}
}
catch (Exception e) { //database problem
request.setAttribute("Error", "Problem accessing security realm.");
rd = request.getRequestDispatcher("login.jsp");
e.printStackTrace();
}
finally {
try {
stmt.close();
con.close();
}
catch (Exception ignore) {
}
}

rd.forward(request, response);

%>
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your problem seems more about what's in lastLogon, rather than its type.
It seems to be null when you read it.
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
lastLogon is null when i first create the database. So what value do i enter into the field so that the error would not occur. Also whats the best data type to use for the field. Thank you for your assistance.
 
Ranch Hand
Posts: 536
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


rs = stmt.executeQuery("select password, lastLogon from USER where userName = '" + userName + "'");

if (rs.next()) { //query only returns 1 record in the result set


ever heard of SQL injection?
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm sorry but whats sql injection. Is it related to the database field being empty and i cant read from it.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
SInce this is unrelated to JSP, I've moved it to the JDBC forum.
 
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vanan sara:
I'm sorry but whats sql injection. Is it related to the database field being empty and i cant read from it.



"SQL injection" is a classic and very common way of hacking into a web application; your code is a close match to the standard example of how to make yourself a victim of a SQL injection attack.

Use Google or search this forum for more information.
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have read up and understood whats Sql injection. SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database.

I will look into in on my next coding pratice.


But my problem is lastLogon being null when its first being read. What do i enter into the database field when the field is created. Also what is the best datatype to use for the field.


Thank you for your assistance....
 
Marshal
Posts: 28175
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, I don't see why this is a difficult question. You say yourself

Must be large enough to hold System.currentTimeMillis().

This is a long value -- that is, it's a number with zero decimal places. And you can find out for yourself, with a one-line test program, how many digits you are going to need.

I also don't see how you're getting errors -- or even reading data at all -- when you don't have the database defined yet. Once you get the database defined properly, you won't have the "null" problem because you will have used a column type that returns long values. You only have that problem because you are implementing things in the wrong order.
 
vanan saravanan
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Managed to solve the problem. I define my field as a 'char' with a start value of '1' It then works. Thank you for all assistance.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic