Can I add another IF statement?

I have an if statement to allow a user access to the web page as long as they have the right password. The second stage is that when they successfully log in, there is another button on that web page that allows a user to search for a buddy, but only "1st" year students can search (not 2nd or 3rd years). How do I tackle this? My code is below....


<%
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>-</b></td>
     <td><b>First Name</b></td>
     <td><b>Surname</b></td>
     
</tr>

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                    ID = RS.getString("StudentID");    
%>


<tr>
     <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
     <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
     <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
     <td><%=RS.getString("FirstName") %></td>
     <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
     response.sendRedirect("yourloginform.jsp");

}
RS.close();
connection.close();
%>

</table>
</td>
  </tr>
 </tr>
<P><p><a href="ThreeSearchesDirectory.jsp">Search for a Buddy</a></p>
     </td>
  </tr>
0
Asked by: gotchi
1 Solution
 
fargo Commented:
<%
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
    <td><b>-</b></td>
    <td><b>-</b></td>
    <td><b>-</b></td>
    <td><b>First Name</b></td>
    <td><b>Surname</b></td>
   
</tr>

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                   ID = RS.getString("StudentID");    
%>


<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) { %>
<script>
   location.href = "yourloginform.jsp";
</script>
<% } else { %>
<script>
   location.href = "ThreeSearchesDirectory.jsp";
</script>
<% }

RS.close();
connection.close();
%>

</table>
</td>
 </tr>
</tr>
 </td>
 </tr>

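Moreover, try to close the connection and rs after execution in
try {
    // run the query and read the result set here
} catch (java.sql.SQLException e) {
    // handle or log the error here
} finally {
    // close the connection here
}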

Hope this helps
happy working
fargo
0
 
gotchi (Author) Commented:
I don't think my question was clear enough. My code works, but I need to add in more code to allow or deny further access to the user. When the user clicks on the button "Search for a buddy" (look at my code above), I only want "1st" year students to search, not 2nd or 3rd, so the code should be able to look at the database under the column "Year" and allow the user to search if they are 1st years. I hope this is clearer on what I want to achieve.
0
 
amit_chauhan Commented:
I guess you would be storing student_year (1st yr, 2nd yr or 3rd yr) somewhere in your database. Fetch that along with student_id and name etc. Assuming it's stored in the same table, your query would look like this:

String query = "SELECT StudentID,FirstName,LastName,UserName, Password, student_year FROM Student WHERE UserName=? AND Password=?";

Define a variable String studentYear on the top:

int studentYear = 0;

Add this line where you are getting the student ID:

studentYear = RS.getInt ("student_year");

Lastly, add this line where your 'Search for a buddy' link is :

<%
  if (studentYear == 1)
  {
%>
<a href="ThreeSearchesDirectory.jsp">Search for a Buddy</a>
<%
  }
%>

'Search for a buddy' will not be displayed for students other than 1st year students.

Putting it all together, your code will look like this :

<%

int studentYear = 0;

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:odbc:Student_db","","");
String query = "SELECT StudentID,FirstName,LastName,UserName, Password, student_year FROM Student WHERE UserName=? AND Password=?";
java.sql.PreparedStatement statement = connection.prepareStatement(query);
statement.setString(1,request.getParameter("UserName"));
statement.setString(2,request.getParameter("Password"));
java.sql.ResultSet RS = statement.executeQuery();
%>


<table BORDER WIDTH="100%" >
<tr>
    <td><b>-</b></td>
    <td><b>-</b></td>
    <td><b>-</b></td>
    <td><b>First Name</b></td>
    <td><b>Surname</b></td>
   
</tr>

<%
boolean successfulLogin = false;
String ID = "";
while(RS.next()){
successfulLogin = true;

                   ID = RS.getString("StudentID");
                   studentYear = RS.getInt ("student_year");
%>


<tr>
    <td><a href="ViewBuddyForm.jsp?id=<%=ID%>">View</a></td>
    <td><a href="UpdateBuddyForm.jsp?id=<%=ID%>">Update</a></td>
    <td><a href="DeleteBuddyForm.jsp?id=<%=ID%>">Delete</a></td>
    <td><%=RS.getString("FirstName") %></td>
    <td><%=RS.getString("LastName") %></td>
</tr>

<% } %>
<% if (! successfulLogin) {
    response.sendRedirect("yourloginform.jsp");

}
RS.close();
connection.close();
%>

</table>
</td>
 </tr>
</tr>
<P>
<%
  if (studentYear == 1)
  {
%>
<p><a href="ThreeSearchesDirectory.jsp">Search for a Buddy</a></p>
<%
  }
%>
    </td>
 </tr>



Hope that helps
Thanks
Amit
0
gotchi (Author) Commented:
That doesn't work. Firstly, the "search for a Buddy" button does not appear on the screen, so therefore I cannot test the if statement for "year". Please keep in mind that when the user signs in, and then proceeds to doing a search, the program has to correspond to the same user, meaning it should read it from the user's record only.
Thanx :)
0
 
amit_chauhan Commented:
What exactly do you want to happen? The code I gave will have the 'search for Buddy' button appear only for 1st year students and will not appear for any other year's users.
If this is not the behaviour you want, then what exactly should happen when the user comes to this page after login? If the button is to be displayed for all the users, then should a message be displayed when the user clicks on the button, that he's not allowed to search because he's not a first year student?

Please specify little more in detail about what kind of behaviour you want.

Thanks
Amit
0
 
gotchi (Author) Commented:
Hi,
I'm sorry I haven't been clear. Yes, the second bit of your comment is what I want the program to do. For all users to see the button, and then have a comment saying he or she can or cannot search the database. Thank you

gotchi
0
 
Binary1 Commented:
Try something like this:

<%=(firstYearStudent
    ? "<input type=\"submit\" value=\"Push Here\">"
    : "<input type=\"button\" value=\"Push Here\" onClick=\"javascript:alert('You cant search');\">")%>

I'm assuming that this button is within a form. You may to change the

0
 
amit_chauhan Commented:
Hi,
As Binary mentioned, replace these lines in my example :

<%
 if (studentYear == 1)
 {
%>
<p><a href="ThreeSearchesDirectory.jsp">Search for a Buddy</a></p>
<%
 }
%>


with this :

<%
 if (studentYear == 1)
 {
%>
<p><a href="ThreeSearchesDirectory.jsp">Search for a Buddy</a></p>
<%
 }
 else
 {
%>
<p><a href="javascript:alert ('You cannot search for buddy !!')">Search for a Buddy</a></p>
<%
 }
%>


Hope that helps
thanks
Amit
0
 
gotchi (Author) Commented:
Thank you amit,
I'm sorry that I wasn't clear from the start, but I've got the results that I wanted. Thank you for your patience and time. You have been helpful. Well done :)
Neks
0
 
amit_chauhan Commented:
You're welcome and thanks for the points.

Amit
0
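Added example, not part of any post in this thread: the accepted change only decides which link the browser is shown, so a request sent straight to ThreeSearchesDirectory.jsp still reaches the search page whatever the student's year. One way to enforce the rule on the server is to keep the year read at login in the session and check it at the top of the search page. The session attribute names "studentId" and "studentYear" are assumptions made for this example, and the student_year column is the one assumed in amit_chauhan's answer.

```jsp
<%-- Part 1: login result page, inside while (RS.next()) { ... }, right
     after ID and studentYear have been read from the logged-in user's row.
     The attribute names are chosen for this example. --%>
<%
    session.setAttribute("studentId", ID);
    session.setAttribute("studentYear", Integer.valueOf(studentYear));
%>

<%-- Part 2: very first lines of ThreeSearchesDirectory.jsp, before any
     HTML is written, so the redirect or error can still be sent. --%>
<%
    // getAttribute returns null when nobody has logged in during this session
    Integer year = (Integer) session.getAttribute("studentYear");
    if (year == null) {
        // Not logged in: back to the login form
        response.sendRedirect("yourloginform.jsp");
        return;
    }
    if (year.intValue() != 1) {
        // Logged in, but not a 1st year student: refuse on the server
        response.sendError(HttpServletResponse.SC_FORBIDDEN,
                "Only 1st year students can search for a buddy.");
        return;
    }
%>
<p>The search form for 1st year students goes here.</p>
```

Because the year comes from the session filled at login, the check always applies to the record of the user who signed in, and the JavaScript alert on the link remains only a convenience message.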
