I want to create a login page using servlets


Solution 1

It's unclear what you mean by "How to make it work". What happens? What doesn't happen? At least I can spot several problems in your code:

  1. You are emitting HTML inside a servlet. You should use JSP for this.
  2. You are leaking JDBC resources. You need to close them in finally.
  3. You are not setting the entered username (and password) in the SQL string.
  4. You are not letting the DB do the task of comparing the password. Add it to the WHERE.
  5. You are swallowing the exception. All detailed info about the problem cause gets lost. You should either rethrow it as ServletException or at least log the exception type, message and cause. This information is important since it tells something about the root cause of the problem. You know, once the root cause is understood, the solution is obvious.

Further, it's also a bad user experience if you change the page to a page where the user can do absolutely nothing other than face an error message. The user has to take extra steps to go back to the login page to re-enter the details. Rather, redisplay the same page with the error message inlined.

Rewrite your doPost() method as follows:

String userName = request.getParameter("userName");
String passWord = request.getParameter("password");

String driver = "com.mysql.jdbc.Driver";
String url = "jdbc:mysql://localhost:3306/";
String dbName = "userdb";
String user = "root"; 
String password = "1234";
String sql = "SELECT * FROM LOGIN WHERE USR_NAME = ? AND USR_PASS = ?"; // Not sure how the password column is named, you need to check/update it. You should leave those ? there! Those are PreparedStatement placeholders.

Connection connection = null;
PreparedStatement statement = null;
ResultSet resultSet = null;
boolean login = false;

try {
    Class.forName(driver); // You don't need to call it EVERYTIME btw. Once during application's startup is more than enough.
    connection = DriverManager.getConnection(url + dbName, user, password);
    statement = connection.prepareStatement(sql);
    statement.setString(1, userName);
    statement.setString(2, passWord);
    resultSet = statement.executeQuery();
    login = resultSet.next();
} catch (Exception e) {
    throw new ServletException("Login failed", e);
} finally {
    if (resultSet != null) try { resultSet.close(); } catch (SQLException ignore) {}
    if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
    if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}

if (login) {
    request.getSession().setAttribute("username", userName); // I'd prefer the User object, which you get from DAO, but ala.
    response.sendRedirect("home.jsp"); // Redirect to home page.
} else {
    request.setAttribute("message", "Unknown username/password, try again"); // This sets the ${message}
    request.getRequestDispatcher("login.jsp").forward(request, response); // Redisplay JSP.
}

And add ${message} to your JSP:

<form action="LoginPage" method="POST">
    User name: <input type="text" name="userName" size="20"><br>
    Password: <input type="password" name="password" size="20">
    <br><br>
    <input type="submit" value="Submit"> ${message}
</form>

Here are some links to learn how to do JSP/Servlet/JDBC properly.

Solution 2

You should use SELECT PASSWORD from Login in the SQL query. Here PASSWORD is the name of the column which contains the password in your database table LOGIN.

Solution 3

toString() for request.getParameter is not required.

You can modify your query to

String sql = "SELECT <PASSWORD_CLM> FROM LOGIN WHERE USR_NAME = ?"; // Bind the value with pstmt.setString(1, userName).


while(rs.next()) 
{ 
   //read the password in pass. 
} 
if(pass !=null && pass.equals(passWord)) 
{ 
  // Code
}
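
The approach of Solutions 2 and 3 (select the stored password for the user name, then compare it in Java), written out as an added example that is not part of any answer above. `LoginDao` and `checkLogin` are hypothetical names, `USR_PASS` is an assumed column name (the page does not confirm it), and the caller is assumed to supply an open `Connection`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public final class LoginDao {
    // Assumption: USR_PASS is the password column. LOGIN and USR_NAME are the names used on this page.
    private static final String SQL = "SELECT USR_PASS FROM LOGIN WHERE USR_NAME = ?";

    /**
     * Returns true only when exactly one row matches the user name and its stored
     * password equals the submitted one. SQLException propagates to the caller,
     * so a database failure is never reported as "wrong password".
     */
    public static boolean checkLogin(Connection connection, String userName, String passWord)
            throws SQLException {
        if (userName == null || passWord == null) {
            return false; // Missing form field: getParameter() returned null.
        }
        // try-with-resources closes the result set and the statement, even when an exception is thrown.
        try (PreparedStatement statement = connection.prepareStatement(SQL)) {
            statement.setString(1, userName); // Bound as data, never concatenated into the SQL text.
            try (ResultSet resultSet = statement.executeQuery()) {
                if (!resultSet.next()) {
                    return false; // Unknown user name.
                }
                String stored = resultSet.getString(1); // Column 1 of the SELECT list.
                if (stored == null || resultSet.next()) {
                    return false; // NULL password or duplicate user rows: refuse.
                }
                // MessageDigest.isEqual does not stop at the first differing byte.
                return MessageDigest.isEqual(
                        stored.getBytes(StandardCharsets.UTF_8),
                        passWord.getBytes(StandardCharsets.UTF_8));
            }
        }
    }
}
```

In `doPost()`, a caught `SQLException` from this method would be wrapped in a `ServletException`, and only a `false` return would lead to the "Unknown username/password" message.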
Author by

sumit sharma

Updated on June 25, 2022

Comments

  • sumit sharma almost 2 years

    I want to create a login page using Servlet & JSP.

    I've created a page which gets Username & password.

    I made a database with a table which contains Username & password.

    <form action="LoginPage" method="POST">
        User name: <input type="text" name="userName" size="20"><br>
        Password: <input type="password" name="password" size="20">
        <br><br>
        <input type="submit" value="Submit">
    </form> 
    

    I entered the below code in doPost()

     response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        String userName = request.getParameter("userName").toString();
        String passWord = request.getParameter("password").toString();
        Connection con = null;
        String url = "jdbc:mysql://localhost:3306/";
        String dbName = "userdb";
        String driver = "com.mysql.jdbc.Driver";
        String user = "root"; 
        String password = "1234";
        try {
            Class.forName(driver).newInstance();
            Connection conn = DriverManager.getConnection(url+dbName, user, password);
            PreparedStatement pstmt;
            String sql = "SELECT USR_NAME FROM LOGIN WHERE USR_NAME='userName'";
            pstmt = conn.prepareStatement(sql);
            ResultSet rs=pstmt.executeQuery();
            String usr = null;
            String pass = null;
            while(rs.next())
            {
                pass = rs.getString(3);
            }
            if(pass != null && pass.equals(passWord))
            {
                out.println("<html>");
                out.println("<head>");
                out.println("<title>Login Sucessfull</title>");
                out.println("</head>");
                out.println("<body>");
                out.println("<h1>Login Sucessfull " + request.getContextPath () + "</h1>");
                out.println("<p>Welcome</p> " + userName);
                out.println("</body>");
                out.println("</html>");
    
                out.close();
            }
    
        } catch (Exception e) {
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Login is not Sucessfull</title>");
            out.println("</head>");
            out.println("<body>");
            out.println("<h1>Login is not Sucessfull " + request.getContextPath () + "</h1>");
            out.println("<p>Wrong Username Or Password</p> ");
            out.println("</body>");
            out.println("</html>");
    
            out.close();
    

    And I don't know how to make it work. Any quick fix available for me?

    It's not a big project, I just want a login page which gets the username & password, then the servlet will search for the username in the DB and then check the password. I have made the changes you guys told me. But the output looks like something is wrong in the try block, because I get the "Login not successful" page. I put the "Login not successful" page code in the catch block.

  • Dean almost 14 years
    You do need to put the semicolon at the end of the SQL statement even with Prepared statements though.
  • BalusC almost 14 years
    @Dean: this is not true. This is only required when you want to pass multiple statements in one query. The semicolon is then the statement separator. Also note that whether it is accepted is DB dependent.