0

My JSP page contains the following code for login authentication:

<%
 System.out.println("Entered");
 String username=request.getParameter("username");
 String password=request.getParameter("password");
 Connection con=getConnection.getConnectionBuilder();

 PreparedStatement pstmt=con.prepareStatement("Select password from users where username=? and password=?");
 pstmt.setString(1, "username");
 pstmt.setString(2, "password");
 boolean ifTrue=pstmt.execute();
 System.out.println(""+ifTrue);
 if (ifTrue==false)
 {
    out.print("Invalid userid and password combination");
 }
%>

Now the problem is "The query returns no rows selected from Oracle when I am putting invalid username and password combination and I am unable to understand how can I catch this message. I have tried using Boolean, but as expected it is returning true. I could not find any method of pstmt which returns string and executeUpdate returns integer.

Mistu4u
  • 5,132
  • 15
  • 53
  • 91
  • 2
    You should use executeQuery() method that returns ResultSet and check that if it contains any records. ANd by the way this is really bad practice to have code like that in the JSP... – Zyga Aug 18 '14 at 11:18
  • @Zyga, "Bad practice" how? – Mistu4u Aug 18 '14 at 11:21
  • 2
    In addition to what Zyga said, you might want to check your if statement: `if (ifTrue=false)` is wrong. [BalusC's excellent answer on this question](http://stackoverflow.com/a/3180202/3419894) contains some background on why you shouldn't use Java code in your JSPs. – JonK Aug 18 '14 at 11:22
  • 3
    Unrelated, but: do **not** create a connection each time your JSP is called. Use a proper connection pool and move your JDBC code out of the JSP page into the backend. –  Aug 18 '14 at 11:32

1 Answers1

0

Please try the below code.

PreparedStatement pstmt = con.prepareStatement("Select password from users where username=? and password=?");
pstmt.setString(1, "username");
pstmt.setString(2, "password");
ResultSet resultSet = pstmt.executeQuery();

if(!resultSet.next()) 
    out.print("no rows selected");
}
Siva Kumar
  • 1,983
  • 3
  • 14
  • 26