login page using jsp

I have written a login page using jsp but doesnt know understand why the problem does not check my if statement but it is going straight to display the message found in else statement...I know for sure that it is checking the username and password in my database but dont know the reasons why it is not displaying the right message when the user is authenticated...These are my codes..

simple form:
<html>
<head>
<title>User Login JSp</title>

</head>

<body>

<form  action="doLogin.jsp" method="post">
User Name <input type="text" name="sUserName" /><br />
Password <input type="password" name="sPwd" /><br />
<input type="submit"  value="Submit" />
</form>
</body>
</html>

Open in new window


ldoLogin.jsp
<%@page import="java.sql.*"%>

<html>
<body bgcolor="pink">
<%
try
{

String user_db=new String("");
String pass_db=new String("");


Connection con=null;
Statement s=null;
ResultSet rs=null;

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con=DriverManager.getConnection("Jdbc:Odbc:dB","","");
 s = con.createStatement( );

String sql = "SELECT Username,Password from Users";

s.executeQuery (sql);
rs = s.getResultSet();


while (rs.next())
{
 user_db=rs.getString("Username").toString();
 pass_db=rs.getString("Password").toString();

}
 if
 
 (user_db.equals(request.getParameter("sUserName"))&&
 pass_db.equals(request.getParameter("sPwd")))
       {
       
        out.println("User Authenticated");
       
       }

           else
              {

               out.println("You are not an authentic person");
               out.println("The value of username is:"+sUserName);
              }


rs.close();
s.close();
con.close();

 }

  catch(Exception e)
      {
 System.out.println("Exception is ;"+e);
      }


 %>

</body>
</html>

Open in new window


Thanks
ozzyfantaAsked:
Who is Participating?
 
GkConnect With a Mentor Commented:
One normal error is when adding the username with fixed size, some extra spaces comes at the end. this may make your comparison wrong. So you add a print also here.

while (rs.next())
{
 user_db=rs.getString("Username").toString();
 pass_db=rs.getString("Password").toString();
. . . . .

out.println("Comparing User: '"+user_db+"' and '"+request.getParameter("sUserName")+"'");
out.println("Comparing Pwd: '"+pass_db+"' and '"+request.getParameter("sPwd")+"'");
......
0
 
GkCommented:
You have misplaced the bracket.

while (rs.next())
{
 user_db=rs.getString("Username").toString();
 pass_db=rs.getString("Password").toString();

}!!!!!!!!!
 if()......


should be after the if condition!!!!
0
 
GkCommented:
<%@page import="java.sql.*"%>

<html>
<body bgcolor="pink">
<%
try
{

String user_db=new String("");
String pass_db=new String("");


Connection con=null;
Statement s=null;
ResultSet rs=null;

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con=DriverManager.getConnection("Jdbc:Odbc:dB","","");
 s = con.createStatement( );

String sql = "SELECT Username,Password from Users";

s.executeQuery (sql);
rs = s.getResultSet();


while (rs.next())
{
 user_db=rs.getString("Username").toString();
 pass_db=rs.getString("Password").toString();


 if
 
 (user_db.equals(request.getParameter("sUserName"))&&
 pass_db.equals(request.getParameter("sPwd")))
       {
       
        out.println("User Authenticated");
       
       }

           else
              {

               out.println("You are not an authentic person");
               out.println("The value of username is:"+sUserName);
              }
}//moved to here!!!!

rs.close();
s.close();
con.close();

 }

  catch(Exception e)
      {
 System.out.println("Exception is ;"+e);
      }


 %>

</body>
</html>
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
GkCommented:
Shall i suggest a better option to change your query to be
String sql = "SELECT Username,Password from Users";

sUserName = request.getParameter("sUserName");
sPwd = request.getParameter("sPwd");

sql+= "Where Username='"+sUserNam+"' And Password='""+sPwd+"'";

execute and check only whether the 'rs' is NULL or not!.
0
 
ozzyfantaAuthor Commented:
I did all that...When i move the bracket where you are suggesting, the while loop is checking all the rows in the users tables and printing message like:  You are not an authentic person You are not an authentic person You are not an authentic person You are not an authentic person User Authenticated
You are not an authentic person  You are not an authentic person  You are not an authentic person  You are not an authentic person ...you can clearly see that user authenticated message appear but with all the wrong message. It is 9 messages because i have 9 usernames in my users table...

About GK suggestion, i will try it and get back to you...thanks

Guys, I have tried everything from 21h till 6h in the morning but ??????????????????
0
 
ozzyfantaAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.