pro_jsp thread: Re : really really need help on this.... very urgent


Message #1 by "sudharshang" <g_sudharshan@r...> on Mon, 26 Mar 2001 15:08:44
hi,

There is one mistake in the ResultSet SQL: whenever a String param is
checked in SQL, it is always enclosed in "'" single quotes.


String strSQL = "select * from member where member_id='" + mid + "'";
ResultSet myResultSet = stmt.executeQuery(strSQL);

This is only required when checking with a String param.


bye




> hi mr,
> the answer for 1st point:
>    -- request.getParameter();
> always returns a String only. That's why there is no need to
> typecast it.
> 
> second point:
>    --Username and Password were not mentioned while
>  getting the Connection 
> it depends on the database you are using.
> if it is MS Access, because it doesn't support password
> protection.
> other databases like Oracle support password
> protection. That's why you should supply username &
> password.
> 
> 
> third point:
> 
>    --here what you said is correct.
> but when using with "null" you can use the "==" operator.
> 
> fourth point:
> 
>    --return statement should be the last one in any
> block. But in your code you have used sendRedirect() after
> the return statement, that's why it will never be executed.
> 
> one more mistake:
>   --ResultSet myResultSet = stmt.executeQuery("select
> * from member where  member_id = mid");
> 
> in this line mid is a variable and it should be
> concatenated properly. The proper statement is as
> follows:
> ResultSet myResultSet = stmt.executeQuery("select *
>  from member where  member_id ="+ mid);
> 
> Bye..
> have a nice day.
> 
> contact me in future also. We will share the subject.
>     
> 
> --- sudharshang <g_sudharshan@r...> wrote:
> > Hi,
> > 
> > I think this piece of code might work. Please try it
> > out. I have some
> > points to share with you.
> 
> > 
> > 1. Type casting to String was not done while using
> > request.getParameter() 
> > method as it returns an Object, not a String object.
> > String mid = (String)
> > request.getParameter("memberid");
> > 
> > 2.Username and Password were not mentioned while
> > getting the Connection 
> > object using getConnection() method.
> > Connection myConn = DriverManager.getConnection
> > ("jdbc:odbc:library","username","password");
> > 
> > 3. == operator when used between two String objects
> > compares their memory 
> > references not their contents.
> > if (pass.equals(password)) {
> > 
> > 4. Is the return statement required after
> > myConn.close(); ?
> > 
> > Modified Code :
> > 
> > <html>
> > <head>
> > <title>Untitled Document</title>
> > <meta http-equiv="Content-Type" content="text/html;
> > charset=iso-8859-1">
> > </head>
> > 
> > <body bgcolor="#FFFFFF">
> > <form method="post" action="loginnow.jsp">
> > <p>Member ID 
> > <input type="text" name="memberid" maxlength="15"
> > size="15">
> > Password 
> > <input type="password" name="pw" size="15"
> > maxlength="15">
> > </p>
> > <p>
> > <input type="submit" name="Submit" value="Login">
> > </p>
> > </form>
> > </body>
> > </html>
> > 
> > 
> > loginnow.jsp
> > 
> > <%@ page language="java" import="java.sql.*" %>
> > <% 
> > String mid = (String)
> > request.getParameter("memberid");
> > String pass = (String) request.getParameter("pw");
> > String jsp;
> > if (mid==null) {
> > jsp = "/index.htm";
> > } else {
> > 
> > Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
> > Connection myConn = DriverManager.getConnection("jdbc:odbc:library");
> > Statement stmt = myConn.createStatement();
> > ResultSet myResultSet = stmt.executeQuery("select *
> > from member where 
> > member_id = mid");
> > if (myResultSet !=null) {
> > while (myResultSet.next()) {
> > String password = myResultSet.getString("password");
> > }
> > }
> > if (pass.equals(password)) {
> > session.putValue("member_id", mid);
> > jsp = "templete.jsp";
> > } else {
> > jsp="/index.htm";
> > }
> > 
> > stmt.close();
> > myConn.close();
> > return;
> > }
> > 
> > response.sendRedirect(jsp); %>
> > 
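
The member lookup discussed in this thread, written with a bound parameter instead of building the SQL string from the request value. This is an added example, not code from any poster in the thread. The class and method names are hypothetical, the JDBC URL passed as the first argument is an assumption, the `member` table and its `member_id` and `password` columns are taken from the thread's code, and the sample member id is constructed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class MemberLookup {

    // The thread's approach: the request value becomes part of the SQL text.
    static String concatenated(String mid) {
        return "select * from member where member_id='" + mid + "'";
    }

    // Parameterized form: the SQL text is fixed and mid is bound as data,
    // so no hand-written quoting is needed for String values.
    static String storedPassword(Connection conn, String mid) throws SQLException {
        String sql = "select password from member where member_id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, mid);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("password") : null;
            }
        } // statement and result set are closed here even if an exception is thrown
    }

    // Null-safe check: a missing parameter, an unknown member and a wrong
    // password all give false, so the caller has a single redirect decision.
    static boolean loginOk(Connection conn, String mid, String pass) throws SQLException {
        if (mid == null || pass == null) return false;
        String stored = storedPassword(conn, mid);
        return stored != null && stored.equals(pass);
    }

    public static void main(String[] args) throws SQLException {
        String mid = "o'brien"; // constructed sample value containing a quote character
        // In the concatenated text the quote inside the value ends the SQL literal early.
        System.out.println(concatenated(mid));
        if (args.length == 1) { // args[0]: JDBC URL (assumption); driver must be on the classpath
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println(loginOk(conn, mid, "secret")); // "secret" is a constructed value
            }
        }
    }
}
```

In the JSP, the result of `loginOk` would choose the redirect target, with `response.sendRedirect(jsp)` reached on every path.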
