Geek Answers Handbook

Database Update in JSP

I encoded this Java code for my JSP page to update the current user information for the user. The code does not show any errors or exceptions, but does not update the MySql database.

Help me implement this functionality;

My code is:

<% //variable declaration for encrypt and decrypt byte [] input ; byte [] keyBytes = "12345678".getBytes(); byte [] ivBytes ="input123".getBytes(); SecretKeySpec key = new SecretKeySpec(keyBytes,"DES"); IvParameterSpec ivSpec = new IvParameterSpec(ivBytes); Cipher cipher; byte[] cipherText; int ctLength=0; Class.forName("com.mysql.jdbc.Driver"); conn = DriverManager.getConnection(CONN_STRING, USERNAME, PASSWORD); if(request.getParameter("submit")!=null){ String cuser=request.getParameter("currentusername"); String user = request.getParameter("username"); String pwd = request.getParameter("password"); String cpwd = request.getParameter("confirmpassword"); Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); input = pwd.getBytes(); key = new SecretKeySpec(keyBytes, "DES"); ivSpec = new IvParameterSpec(ivBytes); cipher = Cipher.getInstance("DES/CTR/NoPadding","BC"); cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); cipherText = new byte[cipher.getOutputSize(input.length)]; ctLength+=cipher.update(input, 0, input.length, cipherText, 0); ctLength+= cipher.doFinal(cipherText, ctLength); String enpwd = new String(cipherText); String sql2 = "update webadmin set username=? ,password=? where username='"+cuser+"' "; if((cuser!=null &&cuser.length()>0) && (user!=null &&user.length()>0) && (pwd!=null && pwd.length()>0) && cpwd!=null && cpwd.length()>0) { if((pwd.equals(cpwd))){ pst =conn.prepareStatement(sql2); pst.setString(1, user); pst.setString(2, enpwd); pst.executeUpdate(); %> <script language="JavaScript"> alert("Sucessfully Updated"); </script> <% }else{ %> <script language="JavaScript"> alert("Passwords are not matching try again"); </script> <% } } } } %>

Note. I implement to encrypt the password and store the encrypted password in the database.

HTML form

 <form id="login-form" action="adminpg-mysettings.jsp" method="post" role="form" style="display: block;"> <div class="form-group"> <input type="text" name="currentusername" id="currentusername" tabindex="1" class="form-control" placeholder="Current Username" value="" required=""> </div> <div class="form-group"> <input type="text" name="username" id="username" tabindex="1" class="form-control" placeholder="New Username" value="" required=""> </div> <div class="form-group"> <input type="password" name="password" id="password" tabindex="2" class="form-control" placeholder="New Password" required=""> </div> <div class="form-group"> <input type="password" name="confirmpassword" id="password" tabindex="2" class="form-control" placeholder="Confirm New Password" required=""> </div> <div class="form-group"> <div class="row"> <div class="col-sm-6 col-sm-offset-3"> <input type="submit" name="submit" id="submit" tabindex="4" class="form-control btn btn-login" value="Save"> </div> </div> </div> </form>
+4
source share
1 answer

First, as everyone will tell you, it is very difficult to translate Java into JSP. The correct way to work is Servlet and the requests stored in the session. This will prevent malicious sql injections.

Secondly, your security restrictions should be handled in web.xml and Servlet , which is best suited for backup maintenance. Following good programming practice, you won’t be crazy about listening to magazines.

I can help you implement what you are trying to do with the servlet, but before I do this, I need to know the following:

  • Obvious: do you have a servlet?
  • Are you using a JDBC / JNDI connection?
  • Do you have entity classes and user classes?
  • What IDE / framework do you use to develop your application?
  • What server are you working on?

This is the most effective way to accomplish what you want. Please provide answers, and I will clarify my answer using the code :)

0
source

More articles:


All Articles