Storing Passwords in Access Database

Hi,
i have an 'insert form" where students enter their details including their password....

<td><b>Paswword:</b></td>
      <td>
     <input type="password" name="Password"> Password        
         
      </td>
    <tr>
  </table>
<input type="submit" name="Insert" value="Insert Student">


then the form gets processed i.e. the data is sent to my access database.....
statement.setString(12,request.getParameter("Paswword"));
statement.executeUpdate();

<td width="28%" aligh="right">Password</td>
      <td width="72%">
        <%= request.getParameter("Password") %>
         
      </td>
    </tr>

when the form is processed the password is not encrypted, which is o.k, but when i check my access database, the password has not been inserted in the db? why is that? how can I resolve this matter, and still keep the "input type" as password.

Thanx
neksAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cheekycjCommented:
input type password shouldn't be changed.

one thing I noticed:

your field name is "Password"

but in your code you are retrieving "Paswword"

try this:

statement.setString(12,request.getParameter("Password"));
statement.executeUpdate();

CJ
0
neksAuthor Commented:
Thanx,
yeah it was a typing error. Another thing. When a user logs in (with the right password), their name and surname is revealed, with links to "view", "update" or "delete" their record, if one of these links are clicked on, what code do I use to go back to the previous page where the other links are?

String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
     
</tr>

sample of the "viewbuddyform"

String query = "SELECT * FROM Student WHERE StudentID = ?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setInt(1,Integer.parseInt(request.getParameter("id")));
java.sql.ResultSet RS = statement.executeQuery();
%>

<%
while(RS.next())
     {
%>
<form method="Post" action="DisplayDetailedRecord.jsp">
  <table width="50%" border="1">
    <input type="hidden" name="StudentID" value="<%=RS.getString("StudentID") %>">
    <tr>
      <td width="30%"><b>First Name:</b></td>
      <td width="70%"><%=RS.getString("FirstName") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Surname:</b></td>
      <td width="70%"><%=RS.getString("Lastname") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Sex:</b></td>
      <td width="70%"><%=RS.getString("Sex") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Age:</b></td>
      <td width="70%"><%=RS.getString("Age") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Code:</b></td>
      <td width="70%"><%=RS.getString("CourseID") %></td>
    </tr>
    <tr>
      <td width="30%"><b>Degree Name:</b></td>
      <td width="70%"><%=RS.getString("CourseName") %></td>
    </tr>
  </table>

so thus, how would I go back to the previous page?
0
cheekycjCommented:
you can do two things.

1.  provide a link that has the link with the main page hard coded (recommended b/c it won't fail)

2.  use javascript:
<SCRIPT LANGUAGE="JavaScript"><!--
function back() {
    history.go(-1);
}
//--></SCRIPT>

<A HREF="javascript:back()">Back</A>

HTH,
CJ
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

neksAuthor Commented:
im a new learner when it comes to JSP. If you hard code the page, will it still work if another user uses the same page?

plus can you show me how its done because I have no idea
Thanx
0
cheekycjCommented:
what you should do is store their login information, username in session.  so you can retrieve the information for the user who is logged in.

If the session information doesn't exist redirect them to the login page.

If you need help with this let me know, I can post some sample pseudo code for you.

CJ
0
neksAuthor Commented:
This is what I have done so far for the login information. I need an if statement somewhere incase the username or password is incorrect, directing them to another page, where would that go in my coding below....

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
String ID = "";
while(RS.next())
     {
                    ID = RS.getString("StudentID");    
%>

<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
     
0
neksAuthor Commented:
hello,
I still need help with an IF statement, where and what code I should use if the password or username is incorrect (using the code above). Please help.
neks
0
cheekycjCommented:
do this:

boolean successfulLogin = false;
<%
while (RS.next()) {
  successfulLogin = true;
                  ID = RS.getString("StudentID");    
%>

<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>

<% } %>
<% if (! successfulLogin) {
      response.sendRedirect("yourloginform.jsp");
   }
%>

You should store successfulLogin in session so that every page checks for it and redirects to your login form if the user has not logged in.

CJ
0
neksAuthor Commented:

Sorry about this, but Im not sure what you mean by storing "successfulLogin" in session, and i guess thats why an error is coming up saying there is no entity called "succesfulLogin" :(
0
cheekycjCommented:
I mean that the above will work for the login submit page.

But to prevent users from directly accessing urls and not logging in you need to store their logged in status in sessino.

the above code should work without that.

lets first fix the above code, then we can get into session stuff.

CJ
0
neksAuthor Commented:
using your code above that you posted brings up an error saying that "there is no entity called successful Login". I have used the exact code... this is my code below;


boolean successfulLogin = false;
<%
String ID = "";
while(RS.next()){
successfulLogin = true;

                    ID = RS.getString("StudentID");    
%>


<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
     response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>

where am i still going wrong then? I have also created a jsp page called "yourloginform"
0
cheekycjCommented:
move boolean successfulLogin inside the <% ... %> like so:

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                   ID = RS.getString("StudentID");    
%>


<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
    response.sendRedirect("yourloginform.jsp");


}
RS.close();
connection.close();
%>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
neksAuthor Commented:

Thanks a million you for your help. You were great!
and most of all patient... Its greatly appreciated
Neks
0
cheekycjCommented:
glad I could help and thanx for the "A"

CJ
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.