-
login page
Hi,
I got problem with my login page. If i use wrong username, it will loop That account does not exist. Try again two times. If i use correct username, it also show it..
This is my code:
Code:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page language="java" %>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<%@page import="java.sql.*" %>
<%
Connection con = null;
try{
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection("jdbc:mysql://localhost:3306/sms","root","optimal3");
Statement stm = null;
ResultSet rs = null;
String username = request.getParameter("username");
String password = request.getParameter("password");
stm = con.createStatement();
String query = "select username, password from account_user";
rs = stm.executeQuery(query);
%>
<%
while(rs.next())
{
String dbusername = rs.getString(1);
String dbpassword = rs.getString(2);
if(dbusername.equals(username) && dbpassword.equals(password))
{
out.println("You are logged in");
}
else
{
out.println("That account does not exist. Try again.");
}
}
%>
<%
}
catch(SQLException ex){
}
%>
Click <a href="sms.jsp">here</a> continue
</body>
</html>
-
Hello
Why r u selecting whole user from database and then chk it for existing user,
Instead of user following query which chk user name and pass of user with Database
String query = "select * from account_user where username='"+username+"' and password='"+password+"'" ;
and then if user exist it will return 1 row otherwise no row will be returned
you can chk this condition
if(rs.next())
{
//user exist code
}
else
{
// user not exidt code
}
Regards
