This is a multi-part message in MIME format.

------=_NextPart_000_009E_01C1FAE1.461F3340
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

this is definitely better, and a prepared statement is actually safer 
from a security point of view.

chanoch
  ----- Original Message -----
  From: Karabelas, William A.
  To: Pro_JavaServer_Pages
  Sent: Monday, May 13, 2002 12:21 PM
  Subject: [pro_jsp] RE: Database connectivity, please help!!


  Try using the PreparedStatement instead---you can avoid using the '+ 
---which can get hairy after just a few parameters


  here is an example..
   //lookup the password based on the userid---so we first check to make 
sure
  //a userid actually exists in our database
             sql.append("select * from users where userid =3D ?");
             pStmt=3Dcon.prepareStatement(sql.toString());
             pStmt.setString(1, strUserName);
             ResultSet rs =3D pStmt.executeQuery();
    -----Original Message-----
    From: Syed Hassan Javed [mailto:syedhassanjaved@y...]
    Sent: Monday, May 13, 2002 4:26 AM
    To: Pro_JavaServer_Pages
    Subject: [pro_jsp] RE: Database connectivity, please help!!


    Your query seem to be incorrect. I think you missed "AND" between 
the statement.

    It should look like this   "Select password, Username from TABLE 
where psd=3DPassword AND usrname=3Dusername"

      Ljubisa Kovacevic <ljubisa.kovacevic@s...> wrote:

      First put some debugging code into your "catch" clause
      ---------------
      } catch( Exception e)
      {

      out.println(" ERRROR:" + e.getMessage());
      e.printStackTrace();
      }
      ------------------------

      then you'll know what to do.



      ----- Original Message -----
      From:
      To: Pro_JavaServer_Pages
      Sent: Sunday, May 12, 2002 6:26 PM
      Subject: [pro_jsp] RE: Database connectivity, please help!!


      > Hi Pallavi,
      > 1.Maybe your query statement is wrong.Check your type of field 
in your
      database when you use criteria in SELECT statement.
      > 2.In your SELECT statement you miss the "AND" or "OR" syntax 
follow sql
      statement between user id and password.
      >
      > =3D=3D> rs =3D stmt.executeQuery("SELECT UserID, Password FROM
      Registration_Table WHERE UserID=3D"+userid + "Password=3D"+pswd);
      > Try it again.
      > Surat J.
      >
      > -----Original Message-----
      > From: Pallavi Mahajan [mailto:paluindian@r...]
      > Sent: Saturday, May 11, 2002 7:17 AM
      > To: Pro_JavaServer_Pages
      > Subject: [pro_jsp] Database connectivity, please help!!
      >
      >
      > Hello freind,
      > here is my code...not working..giving problem in firing 
query.This is
      > login page:
      >
      >
      >
      >
      >
      >
      >
      >
      >
      >
      > and after runing it shows " ERROR"
      > its thoowing exceptiomn.
      > Can anybody help me.
      > Thank you
      > Pallavi
      >
      >




    Syed Hassan Javed




-------------------------------------------------------------------------
---
    Do You Yahoo!?
    LAUNCH - Your Yahoo! Music Experience --- Change your mail options 
at http://p2p.wrox.com/manager.asp or to unsubscribe send a blank email 
to