David thanks a lot,
I will try it out..
Hi Andreas:
I have attached another login.html file as a simple example of where a <TABLE> tag is used to organize HTML page layout. Try that instead (it is unfortunately not indented).
Go to http://www.idocs.com/tags/ for a good HTML 4.0 reference.
Each of your LoginServlet users will use it with
their own Thread and your code is not currently Thread safe. Member
variables 'username' and 'password' are exposed to any Thread that
happens to be using a LoginServlet function because they are non-local
variables. For instance, the situation could arise where MY thread
sets 'username' and YOUR thread sets 'password'. By the time MY thread is
executing the SQL statement, I could have YOUR password but MY user
name. Use local variables instead.
Use POST instead of GET. With GET, any parameter names and their respective values (like 'password' and its value) will appear in the browser URL Location bar.
Finally, try the sql statement before, where no single quotes
appear:
String sqlString = "SELECT username, password FROM Lecturers WHERE username=" + username + " AND password=" + password;
Good luck,
David Hildebrandt
Assure Health Inc.
<<login.html>>
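The thread-safety problem described in the message above, as an added example that is not part of the original post or of the LoginServlet code. The class names, user names and passwords are constructed for illustration; one handler instance is shared by two threads, the way a servlet container shares one servlet instance across requests.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SharedFieldRaceDemo {
    interface Handler { String handle(String u, String p); }

    // Unsafe: one instance serves every request thread, like a servlet,
    // so these member fields are visible to all callers at once.
    static class UnsafeHandler implements Handler {
        private String username, password;
        public String handle(String u, String p) {
            username = u;
            password = p;
            Thread.yield(); // widen the window in which another thread overwrites the fields
            return username + ":" + password;
        }
    }

    // Safe: locals live on each thread's own stack and cannot be overwritten by another request.
    static class SafeHandler implements Handler {
        public String handle(String u, String p) {
            String username = u, password = p;
            Thread.yield();
            return username + ":" + password;
        }
    }

    // Runs two constructed users concurrently and counts calls whose name/password pair got mixed.
    static int countMixed(Handler h, int iterations) throws InterruptedException {
        AtomicInteger mixed = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (String user : new String[] {"alice", "bob"}) {
            String expected = user + ":" + user + "-secret";
            pool.submit(() -> {
                for (int i = 0; i < iterations; i++) {
                    if (!h.handle(user, user + "-secret").equals(expected)) mixed.incrementAndGet();
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return mixed.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared fields, mixed pairs:   " + countMixed(new UnsafeHandler(), 200_000));
        System.out.println("local variables, mixed pairs: " + countMixed(new SafeHandler(), 200_000));
    }
}
```

The shared-field count varies from run to run because it depends on thread scheduling; the local-variable count is always zero.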