Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Validation of data in database using resultset

 
Krishnaveni Hanuman
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am doing an Online examination project.( (I have used JNDI for DB)
I have created table exam_id having register number and password as the two columns.
Below is a snippet of the code that has to do validation.

int reg=request.Parameter("register_num");
String pass=request.getParameter("password");//values obtained from web page

Context c=new InitialContext();
DataSource ds=(DataSource) c.lookup("jndi_pool");

Connection con=ds.getConnection();
Statement stmt=con.createStatement();

String s="select password from exam_id where register_number="+reg+"";

ResultSet rs=stmt.executeQuery(s);

My doubt is, if we have a single value say,reg=123 and password="abc", we would do that as :
if(reg==123 && password.equals("abc") {
//redirect to success page
}


but now, i have a resultset which only returns true. how do i perform validation if a user enters a register number and password?
also , if the register number that user entered doesn't exist in DB, how can i come to know that?? or how do i validate that?

Please help me
 
Tim Holloway
Saloon Keeper
Posts: 18365
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This question has nothing at all to do with Tomcat. I'm moving it to a more appropriate forum.

However, when checking a password, the more secure way to do it is like this:



If the returned value is 0, the password did not match.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic