Jennifer: Try sticking in tags "<HTML><BODY>" in the beginning and the
corresponding end tags at the end. My guess is if you looked at the source code
in your browser, your happy message is in fact being generated. Maybe you are
just not "seeing" it is all..
Another thing: why aren't you simply using one query? As in:
"SELECT Id FROM Details WHERE Password = password AND Id =id"..
Why would you want to tell the user which field is wrong? Isnt that actually
being helpful to some hacker of your system? Also, if you used the query above,
then all you have to do is check to see if your result set is nonempty and your
code would be dong far less work.. right? Just a thought..
Geeta
Jennifer Feeney wrote:
> Hi all,
>
> Can anyone please tell me why the following code does not work the
> way it is supposed to....
>
> Description:
> ======================================================================
> ===============
> The cose is a servlet, which takes parameters passed in by a user, Id
> and Password.
>
> The servlets main job is to authenticate users, if they are
> registered, then there
> details are stored in my database and two of the fields in the data
> base are Id and Password, so it basically, compares the values in the
> database to those entered by the
> the user, to validify any particular user.
>
> If the user enters the wrong Password, it comes back and sends
> a "Incorrect Password" message to the user......
> If the user enters the wrong Id, it comes back and sends a "Incorrect
> Id" message to the user......
>
> It does both of these CORRECTLY.
>
> However, if the user is in fact a registered customer, ie correct Id
> and Password entered, it returns with a Blank Html page........and
> does not generate any sort of error......everything seems to
> be "happy" apart from displaying the built in "Welcome message" to
> the user......
>
> The weird thing is no errors are generated............
>
> I have been trying to solve this for hours, but cannot see what I am
> doing wrong....
>
> Can anyone please help!
>
> Below is the code, which is compiling correctly and not generating
> any errors!
>
> CODE:
> ======================================================================
> ==================
>
> public void doPost( HttpServletRequest req,
> HttpServletResponse res )
> throws ServletException, IOException
> {
> String password ,id;
>
> id = req.getParameter("IdNo");
> password = req.getParameter( "Password" );
>
> PrintWriter output = res.getWriter();
> res.setContentType( "text/html" );
>
> if (id.equals( "" ) ||
> password.equals( "" )) {
> output.println( "<H3> Please click the back " +
> "button and fill in all " +
> "fields.</H3>" );
>
> output.close();
> return;
> }
>
> try{
>
> Statement statement =
> connection.createStatement();
> String query = "SELECT Id FROM Details " +
> "WHERE
> Password = '" + password + "'";
>
> ResultSet rs = statement.executeQuery(
> query );
> while(rs.next()){
> int idT = rs.getInt("Id");
> if(idT != Integer.parseInt(id)){
> output.println( "<H1><Font
> color:Red>Incorrect Id Entered!</FONT><BR></H1>");
> output.println( "<BR><BR><H1><Font
> color:Blue>Please click the, Back, button and try again!
> </FONT><BR></H1>");
> }
> else return;
> }
>
> //Statement statement1 = connection.createStatement();
> String query1 = "SELECT Password FROM
> Details " +
> "WHERE Id = "
> + id ;
>
> ResultSet rs1 = statement.executeQuery(
> query1 );
> while(rs1.next()){
> String passwordT = rs1.getString("Password");
> int x = passwordT.compareTo(password);
>
> if(x > 0 || x < 0){
> output.println( "<H1><Font
> color = Red>Incorrect Password!</FONT><BR></H1>");
> output.println
> ( "<BR><BR><H1><Font color = Blue>Please click the, Back, button and
> try again!</FONT><BR></H1>");
>
> }
> else{
> output.println( "<H1><Font
> color = Blue>Welcome to our Online Service!</FONT><BR></H1>");
> output.println(getServletInfo());
>
> }
>
> return;
> }
>
> connection.close();
>
> }
>
> catch ( SQLException sqlex ){ //catch any exceptin that
> may occur as a result of try
> sqlex.printStackTrace();
> //output.append( sqlex.toString() );
> }
> catch (Exception E) {
> output.println("Error " + E.toString());
> }
>
> output.close();//close output
>
> }
>
> public String getServletInfo(){
> return "This servlet was developed by Jennifer, for FYP,
> 2001";
> }
>
> END CODE:
> ======================================================================
> ================
>
> Thank you inadvance to anyone that can help me with this very
> frustrating problem!
>
> Best Regards,
> Jennifer
>
> _____________________________________
>
> Get your free E-mail at http://www.ireland.com
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
