2
ResultSet rs;

PreparedStatement st = MyConnection.prepareStatement("Select * from logindetails where Username = ? and Password = ?");

st.setString(1, username);
st.setString(2, password);

while (rs.next() )
{
    //login correct = true, redirect
}

rs.close();
MyConnection.close();

The problem with this is I cannot use the next() in the while loop using the PreparedStatement, because I want to search the database with the parameters input by the user.

How can I fix this?

2
  • Just above the while loop, you're missing the line rs = st.executeQuery();, but I'm guessing that's not the problem. Can you clarify your question? It's not at all clear what you're asking. If you add the line I just mentioned, the code should work fine, and sure return any matching rows. Commented Feb 13, 2011 at 14:50
  • 1
    Please note that storing passwords directly can compromise your users if your site is hacked. Store a good hash instead. Commented Feb 13, 2011 at 15:13

3 Answers

5

You don't need while (rs.next()) because your PreparedStatement has already queried the result set using the username and password you set. Instead, use an if statement to test the result set:-

// returns AuthenticatedUser object if authentication is successful, otherwise null
public AuthenticatedUser authenticate(String username, String password) {   
    PreparedStatement st = ...;
    st.setString(1, username);
    st.setString(2, password);

    ResultSet rs = st.executeQuery();

    AuthenticatedUser user = null;

    //login valid because there is something from the result set, then create user object
    if (rs.next() ) {
        // set all the useful user information in this POJO
        user = new AuthenticatedUser(username, rs.getString("name"), rs.getString("whatever_important_info"));
    }

    ... // close resultset, preparedStatement, connection, clean up, etc.

    return user;  
}

From your servlet/controller, you can do something like this to handle the page redirection:-

// call the method above to get the user object based on the provided username and password
AuthenticatedUser user = dao.authenticate(username, password);

// successful authentication
if (user != null) {
   // set user object in session so that you don't need to query the database for user info again and again
   session.setAttribute("user", user); 

   // redirect to welcome page
   request.getRequestDispatcher("/your-welcome-page").forward(request, response);
}
else {
   // redirect to login page if authentication fails
   request.getRequestDispatcher("/login-page").forward(request, response);
}

2 Comments

Thanks, got it - figuring out the redirection when logged in now. :)
I suggest you don't mix the redirection and database queries all in the same API... it's difficult to unit test the code. I modified my post above to give you an idea on how you might handle this task nicely.
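
The authenticate() approach from the answer above, combined with the comment on the question about storing a hash instead of the password, as an added example that is not part of the original thread. The class name LoginDao, the Salt and PasswordHash columns, the choice of PBKDF2 and its parameters are assumptions; the lookup uses only the username, and the password is checked in Java against the stored hash.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginDao {
    // Assumed work factor and output size; tune the iteration count to your hardware.
    private static final int ITERATIONS = 600_000, KEY_BITS = 256;

    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // one random salt per user, stored beside the hash
        return salt;
    }

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Assumed schema: logindetails(Username, Salt, PasswordHash), the last two binary columns.
    static boolean authenticate(Connection con, String username, char[] password) throws Exception {
        String sql = "SELECT Salt, PasswordHash FROM logindetails WHERE Username = ?";
        try (PreparedStatement st = con.prepareStatement(sql)) {
            st.setString(1, username);
            try (ResultSet rs = st.executeQuery()) {
                if (!rs.next()) {
                    hash(password, new byte[16]); // unknown user: spend comparable time anyway
                    return false;
                }
                byte[] actual = hash(password, rs.getBytes("Salt"));
                return MessageDigest.isEqual(rs.getBytes("PasswordHash"), actual); // constant-time
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; exercises the hashing path without a database.
        byte[] salt = newSalt();
        byte[] stored = hash("correct horse".toCharArray(), salt);
        System.out.println(MessageDigest.isEqual(stored, hash("correct horse".toCharArray(), salt)));
        System.out.println(MessageDigest.isEqual(stored, hash("wrong guess".toCharArray(), salt)));
    }
}
```

At registration, call newSalt() and hash() once and insert both values; the plaintext password never reaches the database or the SQL statement.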
2

Not sure I'm understanding your question correctly but I'm guessing you want to iterate through the result set and access the column data...

rs = st.executeQuery();

while (rs.next() ) {
       rs.getString("columnname");
}


0

If this is for a production application (as opposed to learning or homework), why are you not using an abstraction layer like iBatis to insulate you from this boilerplate?

1 Comment

If that's about all the SQL required I don't see the need for a framework :)
