I think you're missing the point a little Andreas: presuming each user has only
one entry in the database, if your select statement returns any row they should
be granted access.
Your code could look something like this instead:
rs = stmt.executeQuery( "SELECT USERNAME, PASSWORD FROM LECTURERS WHERE
USERNAME = '" + username + "' AND PASSWORD = '" + password + "'" );
if( rs.next() ) {
response.sendRedirect( "http://andreas:8080/0bookform.html" );
} else {
out.println( "Access Denied" );
}
- simon
Andreas wrote:
> hi everybody,
>
> I have the following servlet and I am new to the language. I am trying to
> check username/password values coming from a form with those against an
> access database(associated table with username/pasword etc.). In the middle
> of the code I have some comments with my idea only that I am trying to
> implement it and somehow I am stuck...
>
> Any suggestions?
>
> import java.io.*;
> import java.util.*;
> import java.sql.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
>
> public class LoginServlet extends HttpServlet {
>
> static String username = "";
> static String password = "";
>
> public void doGet(HttpServletRequest req, HttpServletResponse res)
> throws ServletException, IOException {
>
> username = req.getParameter("username"); //via req parameter grab username
> (textfield)input from form
> password = req.getParameter("password"); //via " " " password
> (textfield)input " "
>
> //set the output stream that goes back to the browser to HTML
> res.setContentType("text/html");
>
> //get a handle to the writer going back to the client
> PrintWriter out = res.getWriter();
>
> //Create a connection object
> Connection con = null;
>
> //Create a statement object
> Statement stmt = null;
>
> //Create a ResultSet object to encapsulate retrieved data
> ResultSet rs = null;
>
> try {
>
> //Load the jdbc:odbc bridge/driver
> Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
>
> //Get a connection to the Access database
> con = DriverManager.getConnection("jdbc:odbc:RoomBookDB", "andreas",
> "stellatos");
>
> //Create a statement object that is used for querying the database
> stmt = con.createStatement();
>
> //Execute SQL query and get a result set
> rs = stmt.executeQuery("SELECT USERNAME, PASSWORD FROM LECTURERS WHERE
> USERNAME = "+username+" AND PASSWORD = "+password);
>
> //move along each row in the 2 columns username, password and retrieve
> their values
> while(rs.next()) {
> username = rs.getString("username");
> password = rs.getString("password");
>
> //here I want to put some code saying: IF the text input in the LoginForm
> //matches any of the table/columns values then
> //ReDirect to Main Online Booking Form either via
> out.println("<HTML>...") or
> //simply by redirecting to a ready made URL like
> http://andreas:8080/OBookForm.html
> //ELSE out.println("Access Denied, please try again!")
> }
> //Handle a series of exceptions
> catch(ClassNotFoundException e) {
> out.println("Couldn't load the database driver: " + e.getMessage());
> }
> catch(SQLException e) {
> out.println("SQLException caught: " + e.getMessage());
> }
>
> finally {
> //Close the database connection
> try {
> if (con != null) con.close();
> }
> catch(SQLException ignored) { }
> }
>
> }
>
> }
>
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
