Re: Servlet problem with result from querying an Access db.

David Hildebrandt Thu, 2 Dec 1999 15:31:06 -0800

Hi Andreas:

I have attached another login.html file as a simple example of where a
<TABLE> tag is used to organize HTML page layout.  Try that instead (it is
unfortunately not indented).

Go to http://www.idocs.com/tags/ for a good HTML 4.0 reference.

Each of your LoginServlet users will use it with their own Thread and your
code is not currently Thread safe.  Member variables 'username' and
'password' are exposed to any Thread that happens to be using a LoginServlet
function because they are non-local variables.  For instance, the situation
could arise where MY thread sets 'username' and YOUR thread sets 'password'.
By the time MY thread is executing the SQL statement, I could have YOUR
password but MY user name.  Use local variables instead.

Use POST instead of GET.  With GET, any parameter names and their respective
values (like 'password' and its value) will appear in the browser URL
Location bar.

Finally, try the sql statement before, where no single quotes appear:

String sqlString = "SELECT username, password FROM Lecturers WHERE
username=" + username + " AND password=" + password;

Good luck,


David Hildebrandt
Assure Health Inc.

 <<login.html>>

Title: Login Page

��ࡱ�>�� Root Entry�� F ��<��WordDocument��CompObj��=n�� !"#$%&'()*+,-./0123456789:;<��>��ܥe#� ,l,l �h(��T�hTimes New RomanSymbol Arial MS Sans SerifSymbolTimes New Roman *+XY��%&./459:yz~��]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]8��]]]]]]]]]]]+Y��&/5:z��!��K@��Normala "A@��"Default Paragraph Font��@�� FMicrosoft Word 6.0 Document MSWordDocWord.Document.6�9�q

Re: Servlet problem with result from querying an Access db.

CATT-Drug: Login Page

Reply via email to

User ID
Password