java - Why this statement rs=st.executeQuery(query); is not excuting? How can I select only a table depend on input type=radio from mysql from two tables? -

why query rs=st.executequery(query); not executed select table database?

  string gender = request.getparameter("gender");   if (gender != null) {   string table = gender.equals("teacher") ? "teacher2" : "student";    string query ="select username,password " +table+ " username='"+name+"' , password='"+abc+"'";    rs=st.executequery(query);  //why statement having error   }

mysql query table enter image description herei think query wrong

 "select username,password "+table+" username='"+name+"' , password='"+abc+"'";

i have 2 tables 1 teacher , 1 students both have same columns same data type.

how can select table mysql database login. have 2 tables 1 student , 1 teacher if user select teacher, radio button , enter username , password if user username , password equals mysql database username , password login same case student if select student radio , enter username , password if username, password equals student table of mysql username, password login.

why query not executed select table

rs=st.executequery(query);

image of error coming

enter image description here //error

index.jsp

 <form  method="get " action="statement.jsp" autocomplete="on">    <input id="username" name="username" required="required" type="text" placeholder="username"/>  <input id="password" name="password" required="required" type="password" placeholder="password" />    <input type="radio" name="gender" value="teacher" checked/> teacher  <input type="radio" name="gender" value="student"/>student   <input type="submit" value="login" />   </form>

statement.jsp

 <%@page import="java.sql.drivermanager"%>  <%@page import="java.sql.resultset"%>  <%@page import="com.mysql.jdbc.statement"%>  <%@page import="com.mysql.jdbc.connection"%>  <%@page  import=" java.sql.sqlexception" %>  <%@page contenttype="text/html" pageencoding="utf-8"%>   <%@include file="db conn.jsp" %>  <%   string name=request.getparameter("username");  string abc=request.getparameter("password");          string gender = request.getparameter("gender");   if (gender != null) {  string table = gender.equals("teacher") ? "teacher2" : "student";   string query ="select username,password "+table+" username='"+name+"' , password='"+abc+"'";     rs=st.executequery(query);  //why statement having error   }     if(rs.next())     {     response.sendredirect("main.jsp");    }    else    {     response.sendredirect("index.jsp");     }   %>

db conn.jsp // database connection

  <%@page import="com.mysql.jdbc.connection"%>   <%@page import="com.mysql.jdbc.statement"%>   <%@page import="java.sql.resultset"%>   <%@page import="java.sql.drivermanager"%>   <%@page contenttype="text/html" pageencoding="utf-8"%>   <!doctype html>   <html>   <head>     <meta http-equiv="content-type" content="text/html; charset=utf-8">     <title>jsp page</title>   </head>   <body>   <h1>hello world!</h1>    <%@ page import ="java.sql.*" %>   <%     connection c1 = null;     statement st = null;     resultset rs = null;      class.forname("com.mysql.jdbc.driver");     c1 = (connection) drivermanager.getconnection("jdbc:mysql://localhost:3306/teacher","root", "abcde");     {     system.out.println("couldn't find driver!");     system.out.println("couldn't connect: print out stack trace , exit.");     system.out.println("we got exception while creating statement:" + "that means we're no longer connected.");      st = (statement) c1.createstatement();     system.out.println("statement created successfully");     {     system.out.println("we got exception while creating statement:" + "that means we're no longer connected.");      }     if (c1!= null) {     system. out.println("hooray! connected database!");      } else {     system.out.println("we should never here.");     }}   %>

error

 http status 500 -  type exception report  message  description server encountered internal error () prevented fulfilling request.  exception   org.apache.jasper.jasperexception: exception in jsp: /statement.jsp:29   26:    string table = gender.equals("teacher") ? "teacher2" : "student";  27:    // replace dots values  28:     string query ="select * " +table+ "where username='"+name+"' , password='"+abc+"'";  29:     st.executequery(query);   30:

stacktrace:

org.apache.jasper.servlet.jspservletwrapper.handlejspexception(jspservletwrapper.java:451) org.apache.jasper.servlet.jspservletwrapper.service(jspservletwrapper.java:355) org.apache.jasper.servlet.jspservlet.servicejspfile(jspservlet.java:329) org.apache.jasper.servlet.jspservlet.service(jspservlet.java:265) javax.servlet.http.httpservlet.service(httpservlet.java:729)

you missing space here in string:

"select * " +table+ " username '"+name+ "'" , password '"+abc+" '

add space in first string , have right query. , try again.

and should not use string concatenation sql vulnerable sql injection attack. instead use query parameters.

for more information on how read here:
http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement

WIn

Search This Blog

java - Why this statement rs=st.executeQuery(query); is not excuting? How can I select only a table depend on input type=radio from mysql from two tables? -

Comments

Post a Comment