Re: How does postgres handle non literal string values

From: "Henshall, Stuart - Design & Print" <SHenshall(at)westcountry-design-print(dot)co(dot)uk>
To: "'monroy(at)mindspring(dot)com'" <monroy(at)mindspring(dot)com>, pgsql-sql(at)postgresql(dot)org
Subject: Re: How does postgres handle non literal string values
Date: 2002-11-26 15:12:02
Message-ID: E382B5D8EDE1D6118DBE0008C759BCD6116AE1@WCPEXCHANGE
Lists: pgsql-sql

I'm guessing it would have to be more like:
<%
String insertString =
"INSERT INTO \"login\" (\'user\', \'password\') " +
"VALUES ('"+username+"', '"+password+"')";
%>
to actually concatenate a string including the username & password
variables, however I've not really used Java much so you might want to ask
on the pgsql-jdbc(at)postgresql(dot)org list.
hth,
- Stuart

monroy(at)mindspring(dot)com wrote:
> Hi All,
>
> I have some jsp code that should insert a user name and password into
> a table called login.
>
> Instead of inserting the values given by the client, it inserts the
> literal string 'username' and 'password'. The problem is somewhere in
> the INSERT statement.
>
> Here is the code:
>
> <%@page contentType="text/html"%>
> <%@page import="java.io.*" %>
> <%@page import="java.sql.*" %>
> <%@page import="java.util.*" %>
>
> <html>
> <head><title>JSP login</title></head>
> <body>
>
> <%-- <jsp:useBean id="beanInstanceName" scope="session"
> class="package.class" /> --%> <%-- <jsp:getProperty
> name="beanInstanceName" property="propertyName" /> --%>
>
> <%
> String username = request.getParameter("username");
> String password = request.getParameter("password");
> String confirmpw = request.getParameter("password2"); String dbName =
> "storedb";
>
>
> Connection conn = null;
> Statement stmt = null;
>
>
> String usr = "postgres";
> String passwd = "Wimdk12";
>
> if (username != null)
> username = username.trim();
> if (password != null)
> password = password.trim();
> if(confirmpw != null)
> confirmpw = confirmpw.trim();
> if (username != null &&
> username.length() > 0) {
> if (password != null &&
> password.length() > 0) {
> if (confirmpw != null &&
> confirmpw.length() > 0) {
> if (password.equals(confirmpw)) {
> %>
> <h1> Loading the driver </h1> <%
> String url = "jdbc:postgresql:" + dbName;
>
> // Load the driver
> Class.forName("org.postgresql.Driver");
> // Connect to database
> conn = DriverManager.getConnection(url, usr,
> passwd); stmt = conn.createStatement(); %>
>
> <h1> Connecting to the data base </h1> <%
> String insertString =
> "INSERT INTO \"login\" (\'user\', \'password\') VALUES ('username', 'password')";
> %>
>
> <h1> Updating table </h1>
> <%
> stmt.executeUpdate(insertString);
>
> %>
> <h1> Checking result </h1>
> <%
> ResultSet rset = stmt.executeQuery("SELECT * FROM login");
>
>
> while (rset.next()) {
> System.out.println(
> rset.getString("user") + ":" +
> rset.getString("password"));
> } %>
> <h1> Closing connection </h1> <%
> rset.close();
> stmt.close();
> conn.close();
>
> %>
> <h1>Congratulations <%= username %>! your account has been created
> </h1>
>
> <%
> } else { %>
> <h1>Sorry! Account not created. passwords do
> not match </h1> <%
> }
> } else { %> <h1>Sorry! Account not
> created. passwords do not match </h1>
> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> confirmation password </h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> password </h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> username </h1> <%
> } %>
> </body>
> </html>
>
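
Added example, not part of either poster's message: the same insert written with a JDBC `PreparedStatement`, so the request parameters are bound as values instead of being concatenated into the SQL text. The class name, the sample inputs and the `LOGIN_DB_*` environment variables are assumptions made for illustration; the `login` table and its `user` and `password` columns are taken from the thread.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class LoginInsert {
    // Column names are identifiers, so they take double quotes ("user" is a
    // reserved word in PostgreSQL); the ? markers are bound values.
    static final String INSERT_SQL =
        "INSERT INTO \"login\" (\"user\", \"password\") VALUES (?, ?)";

    // String concatenation as suggested in the thread, kept only to show
    // the SQL text it produces for a given input.
    static String concatenated(String username, String password) {
        return "INSERT INTO \"login\" (\"user\", \"password\") VALUES ('"
            + username + "', '" + password + "')";
    }

    // Values travel as parameters and are never parsed as SQL text.
    static int insertLogin(Connection conn, String username, String password)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        String username = "O'Brien";    // constructed sample input
        String password = "example-pw"; // constructed sample input

        // The apostrophe ends the string literal early in the concatenated
        // statement, so the server would see malformed SQL.
        System.out.println(concatenated(username, password));

        // Hypothetical environment variables; if unset, only the line above runs.
        String url = System.getenv("LOGIN_DB_URL"); // e.g. jdbc:postgresql:storedb
        if (url == null) return;
        try (Connection conn = DriverManager.getConnection(
                url, System.getenv("LOGIN_DB_USER"), System.getenv("LOGIN_DB_PASS"))) {
            System.out.println(insertLogin(conn, username, password) + " row inserted");
        }
    }
}
```

Running the database part requires the PostgreSQL JDBC driver on the classpath and an existing `login` table.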
