Several points, in no particular order:
Java code belongs in a backing bean or a
servlet, not jn JSPs (which should only be used to generate the view).
The code is wide open to SQL injection attacks; start using PreparedStatement. You seem to have started doing that, but the parameter isn't added correctly, and it isn't actually being used.
The passwords seem to be stored in cleartext, which is another big no-no; they should be hashed using an algorithm such as SHA-2. That way they can not ever be accessed as cleartext.
As to debugging, I suggest to print out the full stack trace of exceptions, not just what line 43 does.