0

I have been trying to get this project working, a project that was working when developed like five six years ago, not sure how to get this back working again. there is a form for a login and whenever I try doing that I get the error

An error occurred at line: [14] in the jsp file: [/web/user2.jsp]
databasecon cannot be resolved
11: String id=null,name=null,userid=null,email=null;
12:     try{
13:         
14:     Connection con = databasecon.getconnection();
15: PreparedStatement ps=con.prepareStatement("select id,name,userid,email from user where userid='"+a+"' && pass='"+b+"'");
16: ResultSet rs=ps.executeQuery();
17: if(rs.next())


Stacktrace:
    org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
    org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:213)
    org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:544)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:381)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:351)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:335)
    org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:597)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:399)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:382)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

this is the jsp code

<%@ page import="java.sql.*,databaseconnection.*"%>

<%


   
    String a=request.getParameter("user1");
String b=request.getParameter("pass");
    
    
String id=null,name=null,userid=null,email=null;
    try{
        
    Connection con = databasecon.getconnection();
PreparedStatement ps=con.prepareStatement("select id,name,userid,email from user where userid='"+a+"' && pass='"+b+"'");
ResultSet rs=ps.executeQuery();
if(rs.next())
        {
        id=rs.getString("id");
        name=rs.getString("name");
        userid=rs.getString("userid");
        email=rs.getString("email");
                session.setAttribute("id",id);
        session.setAttribute("name",name);
        session.setAttribute("userid",userid);
        session.setAttribute("email",email);        
        //response.sendRedirect("user5.jsp");
    response.sendRedirect("user3.jsp");
        //out.print(name2);
        }
        else
        {
        out.println("enter correct user id and password");
        }
        

    }
    catch(Exception e2){
        out.println(e2.getMessage());
    }
%>

the java class

package databaseconnection;
import java.sql.*;

public class databasecon
{
    static Connection con;
    public static Connection getconnection()
    {
        
            
        try
        {
            Class.forName("com.mysql.jdbc.Driver"); 
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/tpa","root","root");
        }
        catch(Exception e)
        {
            System.out.println("class error");
        }
        return con;
    }
    
}

this is what I have in web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" 
    xmlns="http://java.sun.com/xml/ns/j2ee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
</web-app>

I have put up everything I could see people using, but I couldn't get this working.

SomannaK
  • 126
  • 1
  • 10

1 Answers1

0

It is not clear whether the problem is the syntax of the JSP or a classpath problem.

The tutorials that I have seen all show a space after the comma when you import multiple classes; e.g.

<%@ page import="java.sql.*, databaseconnection.*"%>

                            ^

On the other hand, the JSP 2.3 specification that I looked at does not explicitly require a space. It says:

"The value is as in an import declaration in the Java programming language, a (comma separated) list of either a fully qualified Java programming language type name denoting that type, or of a package name followed by the .* string, denoting all the public types declared in that package."

Alternatively, you could use separate imports; e.g.

<%@ page import="java.sql.*"%>
<%@ page import="databaseconnection.*"%>

The problem could also be that you haven't correctly included the JAR containing the compiled databasecon class in your webapp's WAR file.

Having said that:

  1. It is a BAD IDEA to ignore Java identifier conventions. A class name should start with an uppercase letter.

  2. It is a BAD IDEA to embed business logic (such as database queries) in JSPs. It is better to just use JSPs for rendering. There are a number of reasons for this; see JSTL vs JSP Scriptlets for a summary.

  3. It is a VERY BAD IDEA to create queries by string concatenation, especially when some of the string components are taken from user request parameters. Read about SQL Injection attacks. You should use a PreparedStatement.

  4. It is a VERY BAD IDEA to store passwords (in the cleartext or encrypted) in your database; see

    The recommended approach is to store salted crypto hashes.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • Should also add 3. BAD IDEA to misuse PreparedStatement 4. BAD IDEA to store cleartext passwords in database... – Gyro Gearless Jul 05 '21 at 07:52
  • Yes I do realize the problems of doing all those stuff, I want to change them, but first I need to get this thing working. Apparently this was a working project so I hardly doubt it is a syntactical issue. But again this is old project and it might be that too. But yes I tried splitting the import statements and still got the same HTTP Status 500 – Internal Server Error, which I have been getting from the beginning. – SomannaK Jul 05 '21 at 09:05
  • Have you checked the other issue? – Stephen C Jul 05 '21 at 09:06