problem in accessing SQL quiry in servlet

Question

1.00/5 (1 vote)

See more:

Dears,

I face a problem in accessing DB from servlet but i din't catch the error, so kindly any help.

------validation.java--

Java

package register;
import java.sql.*;

public class validate {
   
 
     public static boolean checkUser(String name,String pass) 
     {
      boolean st =false;
      try{

	 //loading drivers for mysql
         Class.forName("com.mysql.jdbc.Driver");

 	 //creating connection with the database 
         Connection con=DriverManager.getConnection
                        ("jdbc:mysql://localhost:3306/userregister","root","root");
         PreparedStatement ps =con.prepareStatement
                             ("select * from register where userName=? and password=?");
         ps.setString(1, name);
         ps.setString(2, pass);
         ResultSet rs =ps.executeQuery();
        
      }
catch(Exception e)
      {
          e.printStackTrace();
      }
         return st;                 
  }   
}
------------login.java-----------------
package register;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;


public class login extends HttpServlet {
 
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
       // out.println("in login classs");
        
        String name = request.getParameter("username");
        String pass = request.getParameter("password");
        
         
        if(validate.checkUser(name, pass))
        {
            RequestDispatcher rs = request.getRequestDispatcher("welcome");
            rs.forward(request, response);
        }
        else
        {
            
           out.println("Username or Password incorrect");

        }
    }  
}
--------------------------web.xml-------------

<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
        <servlet>
        <servlet-name>login</servlet-name>
        <servlet-class>register.login</servlet-class>
    </servlet>
    <servlet>
        <servlet-name>Welcome</servlet-name>
        <servlet-class>register.welcome</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>login</servlet-name>
        <url-pattern>/login</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>Welcome</servlet-name>
        <url-pattern>/welcome</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
</web-app>

Posted 12-Jan-16 5:24am

nashwa_ahmed

Updated 12-Jan-16 7:39am

v2

Add a Solution

Comments

Richard Deeming 12-Jan-16 11:31am

How do you expect anyone to be able to help you without knowing what the exception is?

Also, don't store passwords in plain text. Store a salted hash of the password instead:
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

nashwa_ahmed 12-Jan-16 14:00pm

Dear Richard and all,

unfortunately no exception thrown only the validation class return false forever.

about password thanks for your help and i did it.

---thanks for instruction

2 solutions

Solution 3

adding library (mysql-connector-java-5.1.38-bin.jar) to the project

Posted 13-Jan-16 22:00pm

nashwa_ahmed

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Accepted Answer · 2016-01-12T08:16:00

nashwa_ahmed wrote:

the validation class return false forever

That's hardly surprising - based on the code you've posted, you declare a variable called st, initialize it to false, execute a query, and then return the value of st. You never update the value of the variable, so the method always returns false.

I suspect you're missing a line from your checkUser method:

Java

ResultSet rs = ps.executeQuery();
st = rs.next();

However, as I mentioned in the comments, storing passwords in plain text is a very bad idea. You should be storing a salted hash of the password, using a unique salt per record. To validate the password, you would then need something like this:

Java

PreparedStatement ps = con.prepareStatement("select salt, hashedPassword from register where userName = ?");
ps.setString(1, name);

ResultSet rs = ps.executeQuery();
if (rs.next())
{
    byte[] salt = rs.getBytes(0);
    byte[] hashedPassword = rs.getBytes(1);
    byte[] enteredPassword = HashPassword(pass, salt);
    st = java.util.Arrays.equals(hashedPassword, enteredPassword);
}

where HashPassword is the same function you use to hash the password when the user registers.
Secure Salted Password Hashing - How to do it Properly[^]

You should also consider using a constant-time equality test for the byte arrays, to avoid timing attacks:
A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) | codahale.com[^]

problem in accessing SQL quiry in servlet

2 solutions

Solution 2

Solution 3

Add your solution here

Preview 0

Existing Members

...or Join us