Solved

amend jsp code

Posted on 2004-04-07
12
326 Views
Last Modified: 2010-04-01

Hi, im using the below commands to set a name a user has entered in a jsp bean. Id like to amend this so the the users id is set instead.
<jsp:useBean id="AccessV" scope="session" class="classfiles.AccessVals"/>
<% AccessV.setName(request.getParameter("strUserName")); %>  

Ive been trying this:
string name = request.getParameter("strUserName");
<% AccessV.setName(select idnum from users where name like 'name'); %>  

That does'nt work although.

Thanks
0
Comment
Question by:Ronayne
  • 7
  • 5
12 Comments
 
LVL 18

Expert Comment

by:bobbit31
ID: 10776189
<% AccessV.setName("select idnum from users where name like '" + name + "'"); %>  
0
 

Author Comment

by:Ronayne
ID: 10776632

I tried that but got this error:

Generated servlet error:
    [javac] Compiling 1 source file

C:\Program Files\Apache Group\Tomcat 4.1\work\Standalone\localhost\seanproj\insert_jsp.java:62: cannot resolve symbol
symbol  : variable name  
location: class org.apache.jsp.insert_jsp
 AccessV.setName("select idnum from users where name like '" + name + "'");
0
 
LVL 18

Expert Comment

by:bobbit31
ID: 10776741
<%
String name = request.getParameter("strUserName");
AccessV.setName("select idnum from users where name like '" + name + "'");
%>
0
 

Author Comment

by:Ronayne
ID: 10776830

Ive tried that as well but it just outputs all my insert.jsp source code.

This is insert.jsp:

<%@ page import="java.sql.*" %>
<%@ page import="java.util.*" %>
<%@ page import="classfiles.*" %>

<jsp:useBean id="AccessV" scope="session" class="classfiles.AccessVals"/>
<%
 String name = request.getParameter("strUserName");
 AccessV.setName("select idnum from users where name like '" + name + "'");
%>
 

 try {
 
   String userName = request.getParameter("strUserName");
   String pass = request.getParameter("password");
   if (userName != null)
   out.print("User Name: " +userName);
 
  String inServer = "localhost";
  String inDBName = "test";
  String DATABASE_URL = "jdbc:mysql://" + inServer + ":3306/" + inDBName;
 
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select password from userdesc where password like \""+pass+"\" and name like \""+name+"\"");
  String passwordtocompare = "";
  if (rs1.next())
  {
 
         passwordtocompare = rs1.getString(1);
         out.print("\nCorrect password");
         response.sendRedirect("main.jsp?strUserName="+userName+"+password="+pass+"");
         Object id = getServletConfig().getServletContext().getAttribute("someid");
       boolean loggedIn = (id != null);
  }
  else {
     out.print("\nIncorrect username / password");
     response.sendRedirect("reelogin.jsp");
   }
 
//   out.print("\nPassword:" +passwordtocompare);
 //if (passwordtocompare.equals(password)){

//  out.print("\nCorrect password");
//  }
  /*else {
   out.print("\nIncorrect password");
   }*/
}
      catch (ClassNotFoundException cnfe) {
        out.println(cnfe.toString());
      }
      catch (SQLException sqle) {
        out.println(sqle.toString());
    }
%>

0
 

Author Comment

by:Ronayne
ID: 10777125

Ive fixed that but its now just outputting :select idnum from users where name like 'adrian_eire' on the page it links to
0
 
LVL 18

Accepted Solution

by:
bobbit31 earned 50 total points
ID: 10777249
you have to edit AccessV, in particular the setName function so that it runs the query and returns whatever value it is you are looking for
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Ronayne
ID: 10777294
How can I do this, this is my bean that contains the setName method

package classfiles;

public class AccessVals {
  private String name;
  public AccessVals() {
    name = "";
  }
  public String getName() {
    return name;
  }
 
  public void setName(String x) {
    name = x;
  }
}

0
 
LVL 18

Expert Comment

by:bobbit31
ID: 10777405
public void setName(String x) {
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select idnum from users where name like '" + x + "' );
 if (rs.next()) {
    name = rs1.getString("idnum");
 }
 rs.close();
 stmt.close();
 con.close();
}

then call setName like this:

<%
 String name = request.getParameter("strUserName");
 AccessV.setName(name);
%>

0
 

Author Comment

by:Ronayne
ID: 10777702
I amedned as you said but its still causing this error: <<Ive fixed that but its now just outputting :select idnum from users where name like 'adrian_eire' on the page it links to

This is the jsp along with the bean (i know its skimply coded but it will do for now)
<%
 String name = request.getParameter("strUserName");
 AccessV.setName(name);
%>

package classfiles;

import java.sql.*;
import java.util.*;
public class AccessVals {
  private String name;
  public AccessVals() {
    name = "";
  }
  public String getName() {
    return name;
  }
 
  public void setName(String x) {
        try{
          String inServer = "localhost";
  String inDBName = "test";
  String DATABASE_URL = "jdbc:mysql://" + inServer + ":3306/" + inDBName;
 
  Class.forName("com.mysql.jdbc.Driver").newInstance();
  Connection con = DriverManager.getConnection(DATABASE_URL, "username", "password");
  Statement stmt = con.createStatement();
   
 ResultSet rs1 = stmt.executeQuery("select idnum from users where name like '" + x + "'" );
 if (rs1.next()) {
    name = rs1.getString("idnum");
 }
 rs1.close();
 stmt.close();
 con.close();
}
catch(ClassNotFoundException e){
                  
            }
catch(InstantiationException ee){
                  
            }
catch(IllegalAccessException eee){
                  
            }
catch(SQLException eeee){
                  
            }
 
}
  //public void setName(String x) {
    //name = x;
 // }
}
0
 

Author Comment

by:Ronayne
ID: 10777744

Its ok, I fixed that, should'nt this output the value : <%=AccessV.getName()%>
0
 
LVL 18

Expert Comment

by:bobbit31
ID: 10777813
yeah... you should be able to do that.
0
 

Author Comment

by:Ronayne
ID: 10778160

That wont work, ive tried this also :
String n  = AccessV.getName();
out.print(n);

But nothing is displayed in both cases
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
What is Backup? Backup software creates one or more copies of the data on your digital devices in case your original data is lost or damaged. Different backup solutions protect different kinds of data and different combinations of devices. For e…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now