You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Uma Maheswar <he...@globalleafs.com> on 2002/02/23 05:39:45 UTC

Checking with DB

Hi,
Please help me with this. Please see the code below. It doesn't work, if I give the correct id and password.But it works if I say (!rs.next()). The same type of programme worked for me in case of other tables. Could any one pls help me solve this problem.

   String id = req.getParameter("userid");
   String pwd = req.getParameter("password");
   
   ServletOutputStream sos = res.getOutputStream();
   rs = st.executeQuery("select * from uma where userid='"+user+"' and password='"+pwd+"' ");
   sos.println("<html><body bgcolor=lightyellow>");

   if(rs.next())
   {

sos.println("you are lucky");   
sos.println("<input type='submit' value='Submit' name='submit'></p>");
   }
   else
   {
    sos.println("<h2>Get out of my site</h2>");
   }
   sos.println("</body></html>");
 
  
  }
  catch(Exception e)
  {
   e.printStackTrace();
  }
 }
}

Re: Checking with DB

Posted by David Slater <dj...@bellsouth.net>.
Not sure how this is Tomcat related other than it looks like you are 
working on a servlet, but what the hell:

Of course !rs.next() would work, as in return 'you are lucky', cause 
I'll bet it's null/empty.

Try System.out.println'ing the request params after getting them into 
the Strings, and construct the SQL command string and println it too 
before it gets used at the query line.  Then you can at least see a 
little what is going on internally.  Could be case, spaces, etc hosing 
you up here.  Never use request params without checking them for null or 
invalid values first.  And don't use *, specify the field names, it 
won't help here but is good practice.


Uma Maheswar wrote:
> Hi,
> Please help me with this. Please see the code below. It doesn't work, if I give the correct id and password.But it works if I say (!rs.next()). The same type of programme worked for me in case of other tables. Could any one pls help me solve this problem.
> 
>    String id = req.getParameter("userid");
>    String pwd = req.getParameter("password");
>    
>    ServletOutputStream sos = res.getOutputStream();
>    rs = st.executeQuery("select * from uma where userid='"+user+"' and password='"+pwd+"' ");
>    sos.println("<html><body bgcolor=lightyellow>");
> 
>    if(rs.next())
>    {
> 
> sos.println("you are lucky");   
> sos.println("<input type='submit' value='Submit' name='submit'></p>");
>    }
>    else
>    {
>     sos.println("<h2>Get out of my site</h2>");
>    }
>    sos.println("</body></html>");
>  
>   
>   }
>   catch(Exception e)
>   {
>    e.printStackTrace();
>   }
>  }
> }
> 
> 
> 




--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Checking with DB

Posted by Anja Falkner <an...@fimedia.de>.
Hi,

I don't know if this is the cause of your problem, but you have to decode
the ' in your SQL-string.
Write \' instead of '

Anja


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>