I'm trying to insert employee details into a SQL database. When I run the program it shows the registration page, but after I enter the employee details no output comes and it shows a blank page.

This is my web.xml file:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <servlet>
        <servlet-name>CreateServlet</servlet-name>
        <servlet-class>com.sai.CreateServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>CreateServlet</servlet-name>
        <url-pattern>/CreateServlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
</web-app>
```

This is my servlet class

```java
public class CreateServlet extends HttpServlet 
{


protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException 
{
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter(); 
    Connection con=null;
    Statement st=null;
   try
   {
    Class.forName("com.mysql.jdbc.Driver");
    DriverManager.getConnection("jdbc:mysql://localhost:3306/dbemployee","root","");
    con.createStatement();
    String id=request.getParameter("UserName");
    String pwd=request.getParameter("Password");
    String eAdd=request.getParameter("EmpAddress");
    String gender=request.getParameter("MaleorFemale");
    String email=request.getParameter("Email");
    String lang=request.getParameter("languages");
    String nation=request.getParameter("Nationality");
    String date=request.getParameter("RegDate");

    String sql="insert into Employee Values ("+id+" "+pwd+" "+eAdd+" "+gender+"  "+email+"  "+lang+"  "+nation+" "+date+")";
    st.executeUpdate(sql);
    if(id !=null | pwd != null | eAdd!=null | gender !=null |email !=null | lang !=null | nation!=null | date !=null)
    {
        RequestDispatcher rd = request.getRequestDispatcher("/success.html");
        rd.forward(request, response);
    }
    else
    {
        out.println("<font color=red>Please fill all the fields</font>");
        RequestDispatcher rd = request.getRequestDispatcher("/index.html");
        rd.forward(request, response);

    }
 }catch(ClassNotFoundException | SQLException  | NullPointerException e)
   {
       e.printStackTrace();
   }
   finally
    {
        try
        {
            if(st!=null) st.close();
            if(con!=null)con.close();
        }
        catch(Exception e)
        {
            e.printStackTrace();
        }
    }
}
}
```

This is my index.html; in this I created the registration documentation:

```html
<body>
      <form name="EmployeeReg" method="post" action="CreateServlet">
        UserName:&nbsp <input type="text" name="UserName" placeholder="username"><br>
        Password:&nbsp &nbsp&nbsp<input type="password" name="password"><br>
        Address :&nbsp&nbsp&nbsp&nbsp <input type="text" name="EmpAdress" placeholder="EmpAddress" ><br>
         Gender : &nbsp&nbsp&nbsp<input type="radio"   name="MaleorFemale" value="Male">MALE<br>
                  &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
                  <input type="radio"   name="MaleorFemale" value="Female">FEMALE<br>

         EMail: &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp  <input  type="text"   name="email" placeholder="email"><br>
 Languages Known: <input type="checkbox" name="languages" value="Telugu">Telugu
                  <input type="checkbox" name="languages" value="Kannada">Kannada
                  <input type="checkbox" name="languages" value="Hindi">Hindi
                  <input type="checkbox" name="languages" value="English">English
                  <input type="checkbox" name="languages" value="Tamil">Tamil
                  <input type="checkbox" name="languages" value="Malayalam">Malayalam<br>
     Nationality: <select name="nationality">
                  <option value="">-- select one --</option>
                  <option value="afghan">Afghan</option>
                  <option value="albanian">Albanian</option>
                  <option value="algerian">Algerian</option>
                  <option value="american">American</option>
                  <option value="andorran">Andorran</option>
                  <option value="angolan">Angolan</option>
                  <option value="antiguans">Antiguans</option>
                  <option value="argentinean">Argentinean</option>
                  <option value="armenian">Armenian</option>
                  <option value="australian">Australian</option>
                  <option value="austrian">Austrian</option>
                  <option value="austrian">Indian</option>
     </select><br>
     Reg.Date:    &nbsp&nbsp&nbsp<input type="date" id="RegDate" value="2010-07-77">
                <button onclick="myFunction()">Try it</button>
                 <p id="demo"></p>
                 <script>
                            function myFunction() {
                            var x = document.getElementById("myDate").value;
                            document.getElementById("demo").innerHTML = x;
                            }
                </script>
     <input type="submit"  value="Submit">
    </form>
</body>
```
C B
Sai Kiran
  • Please learn how to use prepared statements with parameters, your current code is vulnerable to SQL injection. It is also the cause of your problem, because you aren't correctly quoting values. As you are swallowing and ignoring exceptions that is probably why you get a blank page. Check your logs to see what is wrong, although the fix will be to switch to a prepared statement with parameters. See [Using Prepared Statements](https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html) – Mark Rotteveel Aug 24 '18 at 14:48
  • It is not showing any logs – Sai Kiran Aug 24 '18 at 15:19
  • I'm pretty sure there will be a syntax error in one of the logs of your application server (assuming your application server redirects `System.err` to the logs, and most do). – Mark Rotteveel Aug 24 '18 at 15:40

1 Answer

For the servlet to be called the way you're showing, it has to implement the doPost method. It would look something like:

```java
public class CreateServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter(); 
        // and the rest of your method.
    }
}
```

Basically, you've got to rename your current method to doPost so that it is called when you POST the form data to it.

In your browser you should be getting some sort of error back currently. It is unlikely that this is logged to your server logs but if you use the development tools of the browser then you should be able to see what is likely a 400 or 405 error coming back from the server.

And to the point that @MarkRotteveel brought up - do not release this code into a public site as he's 100% right - you're setting yourself up for a SQL injection attack quickly.

stdunbar
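An added example (not code from the question or from either answerer) of the change the comment and the answer call for: the handler becomes `doPost`, and the concatenated INSERT becomes a `PreparedStatement` with bound parameters. It assumes index.html is corrected so that its field names match the names the servlet reads, and that the MySQL driver registers itself with `DriverManager`.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CreateServlet extends HttpServlet {
    // Same table and value order as the question's INSERT; one placeholder per value.
    private static final String SQL = "INSERT INTO Employee VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
    // Assumption: index.html is corrected so its field names match these exactly.
    private static final String[] FIELDS = {"UserName", "Password", "EmpAddress",
            "MaleorFemale", "Email", "languages", "Nationality", "RegDate"};

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String[] values = new String[FIELDS.length];
        for (int i = 0; i < FIELDS.length; i++) {
            // Checkboxes send several values under one name; join them.
            String[] raw = request.getParameterValues(FIELDS[i]);
            values[i] = (raw == null) ? "" : String.join(",", raw).trim();
            if (values[i].isEmpty()) {   // validate before touching the database
                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                        "Missing field: " + FIELDS[i]);
                return;
            }
        }
        // Assumption: a JDBC 4 driver that self-registers; else keep Class.forName.
        // try-with-resources closes the statement and connection on every path.
        try (Connection con = DriverManager.getConnection(
                     "jdbc:mysql://localhost:3306/dbemployee", "root", "");
             PreparedStatement ps = con.prepareStatement(SQL)) {
            for (int i = 0; i < values.length; i++) {
                // Bound as data: quotes in the input cannot alter the statement.
                ps.setString(i + 1, values[i]);
            }
            ps.executeUpdate();
            request.getRequestDispatcher("/success.html").forward(request, response);
        } catch (SQLException e) {
            // Surface the failure instead of returning a blank page.
            log("Employee insert failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

The `web.xml` mapping from the question works unchanged with this class. The password is bound as submitted only because the question stores it that way; a real registration form would store a password hash instead.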