servlet issue

[tjhodge]

I am running this program but instead of redirecting to the next page, the servlet LoginServlet just opens a blank page. Can anyone spot where i may have gone wrong? The servlet is in a package called Login.

Java Code:

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>


    <body bgcolor="blue">
        <form name="f1" method="post" action="LoginServlet">
            <table>
                <tr>
                    <td>Username</td>
                    <td><input type="text" name="t1" ></td>
                </tr>
                <tr>
                    <td>Password</td>
                    <td><input type="password" name="t2"></td>
                </tr>
                <tr>
                    <td></td>
                    <td><input type="submit" name="b1" value="LOGIN"></td>
                </tr>
            </table>
        </form>
    </body>
</html>

Java Code:

package Login;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;

public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        PrintWriter pw = response.getWriter();
        response.setContentType("text/html");
        String name = request.getParameter("t1");
        String password = request.getParameter("t2");

        try {

            
            Connection con = DBConnect.DbConnection.getConnection();
            Statement st = con.createStatement();
            ResultSet rs = st.executeQuery("SELECT username, password "
                    + "FROM users "
                    + "WHERE username = " + name + " "
                    + "AND password = " + password);

            if (rs != null) {
                HttpSession session = request.getSession();
                session.setAttribute("username", name);
                response.sendRedirect("next.jsp");
            } else {
                response.sendRedirect("elogin.jsp");
            }


        } catch (Exception e) {
            e.getMessage();
        }
    }
}

[r035198x]

Check the logs to see what exceptions were thrown.

[tjhodge]

I seem to have it working now, the only issue i am having is the redirecting to the error page. There are no errors but its not redirecting. It redirects if the details are correct but if they are wrong it does not .

Java Code:

 Connection con = DBConnect.DbConnection.getConnection();
                Statement st = con.createStatement();

                String user = request.getParameter("t1");
                String pass = request.getParameter("t2");
                String strSQL = "SELECT username, password FROM users "
                        + "WHERE username = '" + user + "' "
                        + "AND password = '" + pass + "'";
                ResultSet rs = st.executeQuery(strSQL);
                String username, password;
                HttpSession session = request.getSession();

                while (rs.next()) {
                    username = rs.getString("username");
                    password = rs.getString("password");

                    if (user.equals(username) && pass.equals(password)) {

                        response.sendRedirect("next.jsp");
                    } else {
                        response.sendRedirect("errorlogin.jsp");
                    }
                }

[r035198x]

Is the name of the JSP correct? Is it in the same folder as the next.jsp?
You should still have got an error message somewhere not just a blank page.

P.S Hopefully you are closing the connections in some finally block that you have not posted.

[Tolls]

Your logic's wrong.

First off:

Java Code:

        } catch (Exception e) {
            e.getMessage();
        }

This is just eating an exception. You should be doing e.printStackTrace().

Second:

Java Code:

                while (rs.next()) {
                    username = rs.getString("username");
                    password = rs.getString("password");

                    if (user.equals(username) && pass.equals(password)) {

                        response.sendRedirect("next.jsp");
                    } else {
                        response.sendRedirect("errorlogin.jsp");
                    }
                }

If the username and password aren't in the db the resultset will be empty, so rs.next() will be false. So the code is never entered.

There's no point rechecking the username/password against what was enetered since the SQL has already done that. So you want to do an "if" not a "while", and the else will be your error login page.

[Tolls]

In fact why are you getting the result from the db based on "t1" and "t2" and then comparing the returned values against "username" and "password"?

[tjhodge]

Thanks for the help, i removed the comparison between username and password and used the if statement and it works great! You help was much appreciated!! Thanks again

[Tolls]

No probs.
At least you did the check in the SQL.
You won't believe the number of people who simply get a resultset from the user table and have Java cycle through it all checking for username and password.