Thursday 15 July 2010

how to check the username and password before insert in servlet -


I want to see the username and password before entering the details in the table if the user name and password are entered in another table and the username If the password matches, then only the details are allowed to enter. Please provide the code.

I am using Net Bean 7.0.1 and mysql databases.

My code is: - 

  string query 1, pass 1; Query1 = "Choose a password from user name, login"; Stmt.executeQuery (QUERY1); Results set rs = stmt.getResultSet (); While (rs.next ()) {user1 = rs.getString ("user name"); Pass1 = rs.getString ("password"); If (user1.equals ("username") & amp; amp; user1.equals ("password")) {query = '+ IO_number +', '"" Units (IO_number, Physical_progress, Financial_progress, Final_Completion_Date) In '' + Physical_progress + '', '' + Financial_progress + '', '' + Final_Completion_Date + '') "; Int i = stmt.executeUpdate (query); }}    
 
 
 You already have the basics of the questions below, but which It looks like now, it is dangerous and is a liability because it is unsafe for SQL injection.  
 In this example, I will show you how to do query by preparstatements (which is safe by the way) and how you can check if there are any given combination of username and password Users are present)  
  try {// This part assumes that you have your database / connection provider conn = getConnection (); String query = "Select the name of the table (*), where username =? And password =?"; Pstmt = conn.prepareStatement (query); Pstmt.setString (1, user name); // The first question mark pstmt.setString (2, password) puts usernames in the position of; // and password in the second one. Rs = pstmt.executeQuery (); If (rsnext ()) {int numberOfRows = rs.getInt (1); System.out.println ("numberoffareue =" + numberofofro); If (numberOfRows == 0) {System.out.println ("No user found for this username and password"); } Else {// You can set a flag here to indicate that you have a username and password}} and {System.out.println ("Error: could not find the record number"); }} Hold (exception e) {e.printStackTrace (); } Finally {try {rs.close ()} pstmt.close (); Conn.close (); } Hold (SQLException e) {e.printstaxtrace (); }}   
 To read more, I recommend you to   

 








Posted by



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)