I'm having a problem with my statements (I'm guessing). I'm doing a small web app that needs to have a login form. I created the form in the index.jsp page, and when I submit it (having my username and password fields filled) it actions a "login.jsp".
This is my login.jsp:
<%@page import="java.sql.*"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<body>
<%
String fUser = request.getParameter("l_user");
String fPass = request.getParameter("l_pass");
try {
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection con = DriverManager.getConnection("jdbc:http://sqlserverGrayFox-PC:1433;databaseName=AO2AYDAW", "usuario", "123");
Statement st = con.createStatement();
ResultSet rs = st.executeQuery("SELECT * FROM Usuarios WHERE Usuario='"+fUser+"' AND Pass='"+fPass+"'");
while (rs.next()) {
if (fUser.equalsIgnoreCase(rs.getString("Usuario")) && fPass.equalsIgnoreCase(rs.getString("Pass"))) {
response.sendRedirect("index.jsp");
} else {
out.print("Usuario Invalido");
}
}
} catch (Exception ex) {
out.print("Error en la conexión. - " + ex.getMessage());
}
%>
</body>
</html>
This is a snippet of the form from the index.jsp:
<form method="POST" action="login.jsp" class="pure-form">
<b>Usuario:</b> <input name="l_user" type="text" size="15">
<b>Contraseña:</b> <input name="l_pass" type="password" size="15">
<input type="submit" value="Ingresar">
</form>
The thing is, I'm pretty sure I filled the form with the right data I have in my database table.
And for some reason it just executes the "else" state, the "if" seems to not be working, I tried using the .equals with my strings, but nothing. Maybe the && is not working as it should, or I am doing something wrong, but I'm not able to figure it right now.
Any suggestion?
Thanks in advance!
Aucun commentaire:
Enregistrer un commentaire