<%@ page import="java.sql.*" %>
<%@ page import="java.io.*" %>
<html>
<head>
<title>login</title>
</head>
<body>
<%
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
String username = request.getParameter("username");
String password = request.getParameter("password");
//String userid = request.getParameter("userid");
try{
    Class.forName("com.mysql.jdbc.Driver").newInstance();
    Connection con=null;
    ResultSet rst=null;
    Statement stmt=null;
    con=DriverManager.getConnection("jdbc:mysql://localhost/test", "root", "root");
    stmt=con.createStatement();
    String query = "select * from testa where username='"+username+"' and password='"+password+"'";
    System.out.println(query);
    ResultSet rs = stmt.executeQuery(query);
    stmt.executeUpdate("UPDATE testa SET userid = userid + 1 WHERE username = '"+username+"'");
    //int i = stmt.executeUpdate(query);
    if(rs.next()){
        if(rs.getInt(1)>2) {
            pw.println(" you have logged in 2 times");
        }
        else{
            pw.println("<font color=green size=5>congratulation</font>");
        }
    }
    else{
        pw.println("<font color=red size=5>this account does not exist</font>");
    }
}
catch(Exception e){
    System.out.println(e.getMessage());
}
%>
2 replies to this topic
#1
Posted 20 February 2011 - 01:12 PM
Good day everyone, I am developing a user login form such that if the user logs in twice the account will lock, but my code returns an empty page. Please, how do I proceed? Below is my work so far. Thanks.
#2
Posted 20 February 2011 - 11:14 PM
I think that the only reason that could happen is when if(rs.next()) is false.
Try printing it out before the if statement to be sure: System.out.println("rs.next() = " + rs.next() );
If that's the problem, try moving
stmt.executeUpdate("UPDATE testa SET userid = userid + 1 WHERE username = '"+username+"'");
down, until after the if-statement. Maybe the resultset is still somehow linked to the statement object, and performing a new query may change its content.
- You also have possible SQL-injection on your page like that.
Try logging in with
' OR 1=1 --
as username and / or password
#3
Posted 21 February 2011 - 12:56 PM
Thanks, I have done all that you said but it now displays the error message "this account does not exist" whether a valid or invalid account is entered. Please check if the problem is from my if statement. In PHP I can do it by fetching the rows thus:
// get user userid from database, as that is all we need
$user = "SELECT userid FROM testa WHERE username='$username' AND password='$password'";
$userres = mysql_query($user);
// fetch the single user row we had selected
$row = mysql_fetch_row($userres);
// check if the user exists first
if(mysql_num_rows($userres) != 0) {
    // check if the user has logged in 2 times
    if($row[0] >2) {
        echo "Error - Your account has been closed.";
    } else {
        //successful login, increment count by one
        mysql_query("UPDATE testa SET userid = userid + 1 WHERE username = '$username'");
        //redirect them to the page
        echo "Should be redirected now";
    }
} else {
    //if their username and password returned nothing
    echo "Error - Your account does not seem to exist.";
}
How do I fetch the row in JSP? Thanks.
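One way to fetch the row from Java/JSP, as an added example that is not part of any post in this thread: it uses PreparedStatement placeholders for the SQL injection raised in reply #2 and a separate statement for the UPDATE. The class and method names are hypothetical, the table layout (testa, with userid used as the login counter) is taken from the posts, and the caller is assumed to supply an open JDBC Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (hypothetical class and method names), not the poster's code.
public class LoginCheck {
    public enum Result { NO_SUCH_ACCOUNT, LOCKED, OK }

    private static final int MAX_LOGINS = 2; // same threshold as the thread's "> 2" test

    // Assumes the thread's table: testa(userid INT, username, password),
    // with userid used as the login counter.
    public static Result login(Connection con, String username, String password)
            throws SQLException {
        int count;
        // Placeholders keep the input as data, so ' OR 1=1 -- is compared
        // as a literal username instead of being parsed as SQL.
        String select = "SELECT userid FROM testa WHERE username = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(select)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {            // call next() once; each call advances a row
                    return Result.NO_SUCH_ACCOUNT;
                }
                count = rs.getInt("userid"); // read by column name, not position
            }
        } // ResultSet is fully read and closed before any other statement runs

        if (count > MAX_LOGINS) {
            return Result.LOCKED;
        }
        // A separate statement for the UPDATE: re-executing a Statement
        // closes the ResultSet it produced earlier.
        String update = "UPDATE testa SET userid = userid + 1 WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(update)) {
            ps.setString(1, username);
            ps.executeUpdate();
        }
        return Result.OK;
    }
}
```

In a JSP the three results would map to the three messages in the original page, written with the implicit `out` object.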