Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 338
  • Last Modified:

amend jsp code


Hi, im using the below commands to set a name a user has entered in a jsp bean. Id like to amend this so the the users id is set instead.
<jsp:useBean id="AccessV" scope="session" class="classfiles.AccessVals"/>
<% AccessV.setName(request.getParameter("strUserName")); %>  

Ive been trying this:
string name = request.getParameter("strUserName");
<% AccessV.setName(select idnum from users where name like 'name'); %>  

That does'nt work although.

Thanks
0
Ronayne
Asked:
Ronayne
  • 7
  • 5
1 Solution
 
bobbit31Commented:
<% AccessV.setName("select idnum from users where name like '" + name + "'"); %>  
0
 
RonayneAuthor Commented:

I tried that but got this error:

Generated servlet error:
    [javac] Compiling 1 source file

C:\Program Files\Apache Group\Tomcat 4.1\work\Standalone\localhost\seanproj\insert_jsp.java:62: cannot resolve symbol
symbol  : variable name  
location: class org.apache.jsp.insert_jsp
 AccessV.setName("select idnum from users where name like '" + name + "'");
0
 
bobbit31Commented:
<%
String name = request.getParameter("strUserName");
AccessV.setName("select idnum from users where name like '" + name + "'");
%>
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
RonayneAuthor Commented:

Ive tried that as well but it just outputs all my insert.jsp source code.

This is insert.jsp:

<%@ page import="java.sql.*" %>
<%@ page import="java.util.*" %>
<%@ page import="classfiles.*" %>

<jsp:useBean id="AccessV" scope="session" class="classfiles.AccessVals"/>
<%
 String name = request.getParameter("strUserName");
 AccessV.setName("select idnum from users where name like '" + name + "'");
%>
 

 try {
 
   String userName = request.getParameter("strUserName");
   String pass = request.getParameter("password");
   if (userName != null)
   out.print("User Name: " +userName);
 
  String inServer = "localhost";
  String inDBName = "test";
  String DATABASE_URL = "jdbc:mysql://" + inServer + ":3306/" + inDBName;
 
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select password from userdesc where password like \""+pass+"\" and name like \""+name+"\"");
  String passwordtocompare = "";
  if (rs1.next())
  {
 
         passwordtocompare = rs1.getString(1);
         out.print("\nCorrect password");
         response.sendRedirect("main.jsp?strUserName="+userName+"+password="+pass+"");
         Object id = getServletConfig().getServletContext().getAttribute("someid");
       boolean loggedIn = (id != null);
  }
  else {
     out.print("\nIncorrect username / password");
     response.sendRedirect("reelogin.jsp");
   }
 
//   out.print("\nPassword:" +passwordtocompare);
 //if (passwordtocompare.equals(password)){

//  out.print("\nCorrect password");
//  }
  /*else {
   out.print("\nIncorrect password");
   }*/
}
      catch (ClassNotFoundException cnfe) {
        out.println(cnfe.toString());
      }
      catch (SQLException sqle) {
        out.println(sqle.toString());
    }
%>

0
 
RonayneAuthor Commented:

Ive fixed that but its now just outputting :select idnum from users where name like 'adrian_eire' on the page it links to
0
 
bobbit31Commented:
you have to edit AccessV, in particular the setName function so that it runs the query and returns whatever value it is you are looking for
0
 
RonayneAuthor Commented:
How can I do this, this is my bean that contains the setName method

package classfiles;

public class AccessVals {
  private String name;
  public AccessVals() {
    name = "";
  }
  public String getName() {
    return name;
  }
 
  public void setName(String x) {
    name = x;
  }
}

0
 
bobbit31Commented:
public void setName(String x) {
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select idnum from users where name like '" + x + "' );
 if (rs.next()) {
    name = rs1.getString("idnum");
 }
 rs.close();
 stmt.close();
 con.close();
}

then call setName like this:

<%
 String name = request.getParameter("strUserName");
 AccessV.setName(name);
%>

0
 
RonayneAuthor Commented:
I amedned as you said but its still causing this error: <<Ive fixed that but its now just outputting :select idnum from users where name like 'adrian_eire' on the page it links to

This is the jsp along with the bean (i know its skimply coded but it will do for now)
<%
 String name = request.getParameter("strUserName");
 AccessV.setName(name);
%>

package classfiles;

import java.sql.*;
import java.util.*;
public class AccessVals {
  private String name;
  public AccessVals() {
    name = "";
  }
  public String getName() {
    return name;
  }
 
  public void setName(String x) {
        try{
          String inServer = "localhost";
  String inDBName = "test";
  String DATABASE_URL = "jdbc:mysql://" + inServer + ":3306/" + inDBName;
 
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select idnum from users where name like '" + x + "'" );
 if (rs1.next()) {
    name = rs1.getString("idnum");
 }
 rs1.close();
 stmt.close();
 con.close();
}
catch(ClassNotFoundException e){
                  
            }
catch(InstantiationException ee){
                  
            }
catch(IllegalAccessException eee){
                  
            }
catch(SQLException eeee){
                  
            }
 
}
  //public void setName(String x) {
    //name = x;
 // }
}
0
 
RonayneAuthor Commented:

Its ok, I fixed that, should'nt this output the value : <%=AccessV.getName()%>
0
 
bobbit31Commented:
yeah... you should be able to do that.
0
 
RonayneAuthor Commented:

That wont work, ive tried this also :
String n  = AccessV.getName();
out.print(n);

But nothing is displayed in both cases
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now