• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

servlet with jdbc

 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

how can i assign "username" variable as condition to ResultSet like ResultSet rs=stmt.executeQuery("select uname from users where uname=username"); Is there any possibility to get it. I tried but that didn't work. How can i achieve that someone please explain me.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should read up on PreparedStatement; that's the way to pass parameters into SQL code. Read both pages linked from http://docs.oracle.com/javase/tutorial/jdbc/index.html.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65335
97
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using JDBC inside a servlet is no different than using it anywhere else. Please read ItDoesntWorkIsUseless and use it as a guide to detail the problems you are having.

By the way, in a properly structured web application, the JDBC code will be part of the model layer, not the control layer where the servlets live.
 
K. Tsang
Bartender
Posts: 3583
16
Android Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The proper approach to pass parameters into query is to use the PreparedStatement.



Without using PreparedStatement, the query will be identical to
"select username from user where username="+uname;
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Statement is not working with that mechanism which was told by k.Tsang but PreparedStatement worked well..i'm trying to solve that Statement but it is not.is there another mechanism to get that one using Statement.
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My lecturer also said we must use PreparedStatement for passing parameter.is this one manidatory rule?
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A PreparedStatement is a Statement; what's wrong with using it?

PreparedStatement also protects against SQL injection, which is important for web apps. So the rule of thumb is: when using user-supplied parameters to SQL, use a PreparedStatement.
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

is there any way to execute else block inside the while loop. I don't know why control is not going to else block eventhough if condition failed. someone please explain me how can control enters into the else block.Can i use break statement after that if block without using else to execute remaining statements. i want to store details in database when if condition failed. how can i get that tast someone please explain it.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do you know the code does not enter the else block? You should not expect the response output to work if you do a forward. If you want to display status messages, print to the log.


Wow, this is highly confusing code, even when disregarding the meaningless variable names.
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
s1,s2,s3 are request parameters which were come from my html page and i'm placing that html below..i executed that program using some comments and i identified that one(control not entering into the else block).
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
instead of forwar i used include also
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
my problem here is control that not entering into the else block
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:How do you know the code does not enter the else block?


s1,s2,s3 are request parameters which were come

It's not important what they are or where they come from. Storing parameter "s2" in variable "s1" and parameter "s3" in variable "s2" is just bound to cause confusion.
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Eventhough i changed variable names that not working. I'm asking "else" block..Eventhough i used previous variable names like s,s1,s2 that "if " block executed success fully.
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
please tell me how can control trasfter to the "else" block
 
sujesh Katri
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
without using else i used break; statement and i got my desired answer but my doubt here is why control not entering into the "else block".
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The variables names have nothing to do with code execution. I just mentioned that so that in the future you might use less confusing and more meaningful variable names. You (and everybody who reads your code) will be glad you did.

If the "if" branch is executed, then a1.equals(s) && a3.equals(s2) && a2.equals(s1) must be true. Print out the 6 values, and it should become clear why that is - some of them probably have different values than you think they have.
 
Dave Tolls
Ranch Hand
Posts: 2091
15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Here you are selecting from the database where uname, pword and addr match the values supplied.
Then:

You compare those 3 values against the values you just compared them to in the database query.

That is never going to be false is it?
The result of rs.next() is all you need to know whether those values exist in the db. If true, then they exist, if false then they don't.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic