Getting values from mySQL table using JDBC

I am trying to authenticate user log in try { // Register JDBC driver Class.forName(JDBC_DRIVER); // DriverManager.getConnection method for connection to mySQL server System.out.println("Connecting to a selected database..."); conn = DriverManager.getConnection(dbURL, dbUser, dbPass); System.out.println("Connected database successfully..."); // create a Statement and update records System.out.println("checking records into the table..."); PreparedStatement checkUserInfo = (PreparedStatement) conn .prepareStatement("SELECT * FROM userInfo ( UserName, userPW) values(?,?)"); /*String name = checkUserInfo.getString("userName"); Statement stmt = (Statement) conn.createStatement(); String sql = "select * from userInfo (userName, UserPW) values(?,?)"; //PreparedStatement updateUserInfo = (PreparedStatement) conn //.prepareStatement("select * from socialnetwork.userInfo WHERE (userName, UserPW) values(?,?)"); //updateUserInfo.executeUpdate(); */ Statement stmt = (Statement) conn.createStatement(); String sql = "select * from userInfo (userName, UserPW) values(?,?)"; ResultSet rs= stmt.executeUpdate(sql); //storing user data in ResultSet //ResultSet rs = stmt.executeQuery(sql); while (rs.next()) { String name = rs.getString("userName"); String pass = rs.getString("userPW"); if ( name==user && pass==pw) { //session.setAttribute("username",user); //resp.sendRedirect("http://localhost:8084/Socialnetwork02/index.jsp"); out.print("Login Successful"); } else { out.print("Login Unsucessfull. Try again."); //resp.sendRedirect("http://localhost:8084/SocialNetwork02/UserRegistration.jsp"); } } } catch (Exception e) { e.printStackTrace(); } } }

My Db has a table named UserInfo with 3 columns :- serail [ PK and AutoI], userName and UserPW

when I run this I get "HTTP Status 404 "

what is wrong and how to fix it.
'

I see 2 issues. First the select statement. How can you get data without a WHERE clause? Second issue, the checking of user name and password: you are using "==" which should have been equals(). The "==" check whether the object is the same in memory rather than the content. You want to check the content here.

A 404 has nothing to do with JDBC. It means the web resources was not found.

Leaving aside's Bear's point about a 404 error being nothing to do with the JDBC stuff, you also need to think about what you are doing in your query. You appear to be checking to see if a particular user exists with a specified password in your user table. But you should not simply fetch all the records and check each one. That approach is inefficient and insecure as it means you have to fetch every user - and their stored password - across your network into your Java server and check if it matches the specified user. Instead you should simply ask the database to do this check for you, with a query like:

SELECT user_id FROM user_info WHERE user_name = ? /* the specified user name */ AND user_password = ? /* specified password - should be encrypted as well */

You would need to adapt this for your database and data model, but this approach means you only send one password across the network, and you never fetch any passwords out of the database at all. It also means you only need to return one value - the user ID - from the database for one row i.e. the record that matches your user. If no record is found, then you know the username/password do not exist in the database table

And if you're going to use a database, learn some SQL.

Thanks for describing about fetching all record vs what is required from the Db.

I have added the suggestions to the servlet and its working now with ResultSet.


Please helpe me to figure out what framework to use for making a simple social networking project.

So far I can get connected using simple JDBC to add a user and authenticate the credential using user's password and ID in a mySQL table.

Should I use Hibernate or just JDBC.