I'm guessing it would have to be more like:
<%
String insertString =
"INSERT INTO \"login\" (\'user\', \'password\')
VALUES ('"+username+"', '"+password+"')";
%>
to actually concatonate a string including the username & password variables, however I've not really used Java much so you might want to ask on the [EMAIL PROTECTED] list.
hth,
- Stuart
[EMAIL PROTECTED] wrote:
> Hi All,
>
> I have some jsp code that should insert a user name and password into
> a table called login.
>
> Instead of inserting the values given by the client, it insert the
> literal string 'username' and 'password. The problem is somewhere in
> the INSERT statement.
>
> Here is the code:
>
> <%@page contentType="text/html"%>
> <%@page import="java.io.*" %>
> <%@page import="java.sql.*" %>
> <%@page import="java.util.*" %>
>
> <html>
> <head><title>JSP login</title></head>
> <body>
>
> <%-- <jsp:useBean id="beanInstanceName" scope="session"
> class="package.class" /> --%> <%-- <jsp:getProperty
> name="beanInstanceName" property="propertyName" /> --%>
>
> <%
> String username = request.getParameter("username");
> String password = request.getParameter("password");
> String confirmpw = request.getParameter("password2"); String dbName =
> "storedb";
>
>
> Connection conn = null;
> Statement stmt = null;
>
>
> String usr = "postgres";
> String passwd = "Wimdk12";
>
> if (username != null)
> username = username.trim();
> if (password != null)
> password = password.trim();
> if(confirmpw != null)
> confirmpw = confirmpw.trim();
> if (username != null &&
> username.length() > 0) {
> if (password != null &&
> password.length() > 0) {
> if (confirmpw != null &&
> confirmpw.length() > 0) {
> if (password.equals(confirmpw)) {
> %>
> <h1> Loading the driver </h1> <%
> String url = "" + dbName;
>
> // Load the driver
> Class.forName("org.postgresql.Driver");
> // Connect to database
> conn = DriverManager.getConnection(url, usr,
> passwd); stmt = conn.createStatement(); %>
>
> <h1> Connecting to the data base </h1> <%
> String insertString =
> "INSERT INTO \"login\" (\'user\',
> \'password\') VALUES ('username', 'password')";
> %>
>
> <h1> Updating table </h1>
> <%
> stmt.executeUpdate(insertString);
>
> %>
> <h1> Checking result </h1>
> <%
> ResultSet rset = stmt.executeQuery("SELECT *
> FROM login");
>
>
> while (rset.next()) {
> System.out.println(
> rset.getString("user") + ":" +
> rset.getString("password"));
> } %>
> <h1> Closing connection <h1> <%
> rset.close();
> stmt.close();
> conn.close();
>
> %>
> <h1>Congratulations <%= username %>! your account has been created
> </h1>
>
> <%
> } else { %>
> <h1>Sorry! Account not created. passwords do
> not match </h1> <%
> }
> } else { %> <h1>Sorry! Account not
> created. passwords do not match </h1>
> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> confirmation password </h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> password </h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> username </h1> <%
> } %>
> </body>
> </html>
>
