Re: Login Authentication against database...

[Chris Tucker]

Title: Message

You shouldn't need to do any comparisons at all in your code.  Use:   String sqlStr = "SELECT * FROM SAMM.UsersLogin WHERE LOWER(UserLoginId) = LOWER('"+username+"') AND UserPassword = '"+password+"'"; stmt = myConn.createStatement(); myResultSet = stmt.executeQuery(sqlStr); if( myResultSet.next() ) {     // we have a valid user! } else {     // we don't have a valid user! }   And make sure you catch and log any SQLExceptions that may occur, as they'll help you out no end in debugging... -----Original Message----- From: A mailing list about Java Server Pages specification and reference [mailto:[EMAIL PROTECTED]]On Behalf Of Praveen Potineni Sent: Wednesday, November 14, 2001 11:20 AM To: [EMAIL PROTECTED] Subject: Re: Login Authentication against database... That's exactly what i did. I got only one record and test if the user exist. Else it goes to login screen. But i still get the same error. Well i figured that i'm getting problem comparing the 2 strings... string coming out of database and the string entered by user. Can u check the code and suggest me on this... Thanks in advance Praveen      String sqlStr = "SELECT * FROM SAMM.UsersLogin WHERE UserLoginId = '"+username+"' AND UserPassword = '"+password+"'";    stmt = myConn.createStatement();    myResultSet = stmt.executeQuery(sqlStr);    if(myResultSet.next() == false)    {     log("resulset is null.");    }    else{     log("resultset is true");       String uid = myResultSet.getString("UserLoginId");     String upin = myResultSet.getString("UserPassword");       if ((username.equalsIgnoreCase(uid)) && (password.equalsIgnoreCase(upin))){       validUser = "true";     }     else{       validUser = "false";     }     log("validUser is : " +validUser);     }    myResultSet.close();    stmt.close();   }   catch(SQLException sqle){    //System.out.println("User Does not exist Exception: +sqle.toString()");    //log("DBObject.validUserExists: Exception: "+sqle.toString());   }   return validUser;  } ----- Original Message ----- From: Joe Cheng To: [EMAIL PROTECTED] Sent: Wednesday, November 14, 2001 1:45 PM Subject: Re: Login Authentication against database... Praveen-   It looks like your query is retrieving the whole set of users and then iterating in Java to see if any of them match the username/password the user entered.  Why would you do that, rather than simply:   SELECT * FROM users WHERE username = '<username entered by user>' AND password = '<password entered by user>';   and see if any rows are returned.  If there are no rows, the username and/or password was wrong.  This way you don't have to deal with so much data, making it potentially much faster and less memory intensive.   -jmc