
servlet database connectivity example program is giving unexpected results

 
kiran kumar reddy
I created a simple application which takes a username and password from the browser and checks whether those credentials are present in the database; if they are correct it gives "login success", if not, "login failure".

Even though I give correct credentials which are present in my database, my application shows "login failure". I am using a MySQL database, where lara is the database name, and in it there is one table named lara.
Here are my files.

Below is my web.xml file

Below is my html file

 
Bear Bibeault
A few observations:

  • You should be using a prepared statement. Otherwise, you are wide open for SQL injection attacks.
  • As the existence of the record is all that matters, doing "select *" is needless; do "select count(*)".
  • You might want to refactor your try/catch structure; what you've got is rather unwieldy.
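
The three observations above applied to the login check, as an added example that is not the original poster's servlet code. The table `lara` and the columns `username` and `password` come from the thread; the class name, JDBC URL, database credentials and sample inputs are constructed placeholders.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    // The ? placeholders are bound as data, so quotes or SQL keywords typed
    // into the login form cannot change the structure of the query.
    // AND (not OR) requires both columns to match in the same row.
    private static final String SQL =
        "SELECT COUNT(*) FROM lara WHERE username = ? AND password = ?";

    // Returns true only when a row with this username and password exists.
    // The thread's table stores the password as-is; a production table
    // would store a salted hash and compare against that instead.
    static boolean authenticateUser(Connection con, String uid, String pw)
            throws SQLException {
        // try-with-resources closes the statement and result set on every
        // path, replacing nested try/catch/finally blocks.
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, uid);
            ps.setString(2, pw);
            try (ResultSet rs = ps.executeQuery()) {
                // COUNT(*) always yields exactly one row; read its value.
                return rs.next() && rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Placeholder connection settings: substitute your own.
        String url = "jdbc:mysql://localhost:3306/lara";
        try (Connection con =
                 DriverManager.getConnection(url, "DB_USER", "DB_PASSWORD")) {
            // Constructed inputs. With string concatenation the second one
            // would make the WHERE clause always true; bound as a parameter
            // it is only an unusual password that matches no row.
            System.out.println(authenticateUser(con, "kiran", "secret"));
            System.out.println(authenticateUser(con, "kiran", "' OR '1'='1"));
        }
    }
}
```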
kiran kumar reddy
Bear Bibeault wrote: A few observations:

  • You should be using a prepared statement. Otherwise, you are wide open for SQL injection attacks.
  • As the existence of the record is all that matters, doing "select *" is needless; do "select count(*)".
  • You might want to refactor your try/catch structure; what you've got is rather unwieldy.


I don't know what SQL injection attacks means, or what prepared statement means. As this is a simple application to learn, please ignore SQL injection attacks.
I have tried select count(*) from lara WHERE username="+uid+" or password="+pw+";" in the servlet but got the same result. Again it gave me an unexpected result.
I couldn't get what the problem is with the try/catch block. It seems the solution you are trying to give me is beyond my knowledge of servlets. Could you please narrow it down? Where did I go wrong?

In authenticateuser() in the servlet, it seems it is not returning true when I actually enter a true username and password present in the database. How can it return true when I enter true values?
     