1

This is my user validation page. I want to pass the user Name in the ArrayList after checking the user password and id. After that I want to display the name in the main page, but I am getting a null value in my main page. How can I add the user name in the ArrayList?

    // DwB: I love sql injection attacks - this is bad.
    rs=st.executeQuery("select * from registration where U_ID='"+
        U_ID+"' and Pass='"+Pass+"' ");
    while(rs.next()){
        na1=rs.getString("U_ID");
        pw=rs.getString("Pass");
        Name=rs.getString("U_N");
    }

    if((U_ID.equals(na1))&&(Pass.equals(pw))){
        HttpSession session=request.getSession();
        //List<String> user= new ArrayList<>();
        //String id=(String)session.getAttribute("ID");

        //session.setAttribute("loggedIn",Name);

        String username = request.getParameter("Name");
        List<String> users = (List<String>)session.getAttribute("users");

        if(null == users) {
            users = new ArrayList<String>();
        }
        users.add(username);
        session.setAttribute("users", users);
        //response.sendRedirect("Welcome.jsp");

        request.setAttribute("U_ID",na1);
        request.getRequestDispatcher("/Welcome.jsp").forward(request, response);
    }
3
  • Can you paste your JSP code also? Commented Feb 11, 2014 at 17:37
  • And your stacktrace as well please Commented Feb 11, 2014 at 17:37
  • 4
    1) Please stick to Java naming conventions, they are there for a reason. This code is illegible. 2) Please read up on SQL Injection; always use a PreparedStatement. It pains me (and many others) to see String concatenation in SQL queries. Commented Feb 11, 2014 at 17:39

2 Answers

1

Not sure if this is working, but here are some minor changes:

VERSION 1

    rs = st.executeQuery("select * from registration where U_ID='" + uId + "' and Pass='" + pass + "' ");  // changed the variables to lower case

    while (rs.next()) {
        na1 = rs.getString("U_ID");
        pw = rs.getString("Pass");
        name = rs.getString("U_N");
    }

    if ((uId.equalsIgnoreCase(na1)) && (pass.equalsIgnoreCase(pw))) {  // always compare two strings with string.equalsIgnoreCase(otherString);
        // ... do stuff with your list
    }

explanation: in Java your variables should start in lowercase, and when you compare two strings, compare them with the method string1.equalsIgnoreCase(string2). This method will compare each character of your strings one by one. The method string1.equals(string2) only compares the object reference, not the content.

VERSION 2

    rs = st.executeQuery("select U_N, COUNT(*) from registration where U_ID='" + uId + "' and Pass='" + pass + "' ");  // count(*) is enough, you don't need all the data from the row + changed the variables to lower case
    rs.next();
    if(rs.getInt(2)>0){ // COUNT(*) is the second column; the username/password combination exists at least once
        // .. do stuff with your list
        name = rs.getString("U_N");
    }

explanation: it is sufficient to count the rows in your database where the user id and the password match your search. If the result set has more than 0 rows, your user is logged in.

stuff for your list

    HttpSession session = request.getSession();

    //session.setAttribute("loggedIn",Name);
    String username = request.getParameter("Name");
    ArrayList<String> users = (ArrayList<String>) session.getAttribute("users");  // use ArrayList directly

    if (users == null) { 
        users = new ArrayList<>();  // diamond operator: the type is already given in the declaration
    }
    users.add(username);
    session.setAttribute("users", users);
    //response.sendRedirect("Welcome.jsp");

    request.setAttribute("uId", uId);
    request.getRequestDispatcher("/Welcome.jsp").forward(request, response);
    if (!session.containsKey(arrayListID)) {
    // Place the number the user entered into the session
        session.put(arrayListID, numbersEntered);
    } else {
        ArrayList<Integer> list = (ArrayList<Integer>) session.get(arrayListID);
        list.add(1 /* what you want */);
    // Retrieve session data
    }

explanation: well, this does not change anything, but I just saw that in the if-clause (null == users) you instantiated an ArrayList while before you cast to a List. Although this is totally allowed, why not cast to an ArrayList directly?


0

As written, aside from the glory of SQL Injection Attack Vulnerability, you are guaranteed to have no value added to the ArrayList when the user id and password are not found in the database.

This code if((U_ID.equals(na1))&&(Pass.equals(pw))) is value free because you never get to that if statement unless that if statement is already true. Your query will only find rows that do match the user id and password.

It seems likely that your problem is with case sensitivity. Consider updating the database such that the U_ID column is all uppercase (or all lowercase) then adjust the case of the user entered userid appropriately (to either all uppercase or all lowercase).

It seems fine that password would be case sensitive.
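
The parameterized form of the login query that the comments and answers call for, as an added example (not code from the question or either answer). It assumes the `registration` table and the `U_ID`, `Pass` and `U_N` columns shown in the question, that `U_ID` is stored in lower case as the second answer suggests, and a hypothetical class name `LoginLookup`.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Locale;

public class LoginLookup {

    // Placeholders keep the values out of the SQL text: the driver sends them
    // as data, so a quote in the input cannot change the statement.
    private static final String SQL =
        "SELECT U_N FROM registration WHERE U_ID = ? AND Pass = ?";

    /** Returns the stored name (U_N) for a matching row, or null if none matches. */
    static String findUserName(Connection con, String userId, String password)
            throws SQLException {
        if (userId == null || password == null) {
            return null;
        }
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            // Assumption: U_ID values are stored in lower case.
            ps.setString(1, userId.toLowerCase(Locale.ROOT));
            ps.setString(2, password); // the password stays case sensitive
            try (ResultSet rs = ps.executeQuery()) {
                // A row only comes back when both columns matched, so no
                // second equals() check is needed after the query.
                return rs.next() ? rs.getString("U_N") : null;
            }
        }
    }

    // Usage: java LoginLookup <jdbc-url> <db-user> <db-password>
    // (the JDBC driver for that URL must be on the classpath)
    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample input: the apostrophe would break the
            // concatenated query, but is bound as an ordinary character here.
            String name = findUserName(con, "O'Brien", "example-password");
            System.out.println(name == null ? "no matching user" : "name: " + name);
        }
    }
}
```

In the servlet, this return value is the name to add to the `users` list; `request.getParameter("Name")` returns null when the request carries no `Name` parameter.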
