Validation on Redirect

Question

validation.java

     try
    {
        conn = dsEvent.getConnection();
        String userCheck = \"select * from customer\";
        stmt = conn.createState         


        

Answer 1

Why are you iterating through whole resultset and validating if user is present or not instead try changing your select query to check if particular user is present in your database or not.

To do that try below code

String email = request.getParameter("email");
String password = request.getParameter("password");
String userCheck = "select * from tableName where username = ? AND password = ?";
PreparedStatement ps = con.prepareStatement(userCheck);
ps.setString(1, email);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();

And than just check whether resultset is empty or not.

To check resultset is empty or not put below code:

if(rs.isBeforeFirst()) {
    request.getSession().setAttribute("email",email);
    response.sendRedirect("success.jsp");
} else {
    request.setAttribute("error", "Invalid Username & Password");
    request.getRequestDispatcher("index.jsp").forward(request, response);
}

For isBeforeFirst() method look here.

Also change index.jsp to show error message

<p style ="color:red"><%=request.getAttribute("error")!=null ? request.getAttribute("error"): "" %></p>

Answer 2

Seems like the ResultSet contains at least two rows, so the server is executing the forward and/or the redirect or a combination of both at least two times, which is not allowed since you're trying to write the response when it's already closed.

Solution: Move the validation code outside any loop. Make sure the call to RequestDispatcher#forward or HttpServletResponse#redirect occurs once only in your method in servlet.

Also, I don't recommend using redirect in this case, because it generates a new request/response cycle so all the attributes stored in the request won't pass to this new request/response.

Answer 3

This is mainly an addition to Luiggi Mendoza's answer. You cannot have forward or sendRedirect inside a loop except if you pass only once in the loop. As you have, the servlet throws an exception what is causing your error.

You could move those codes outside the loop :

    boolean found = false;
    while( (! found) && rs.next()){
       if((email.equals(rs.getString("email")))&&(password.equals(rs.getString("password"))))
       {
           found = true;
       }
    }
    if (found) {
       RequestDispatcher rd = req.getRequestDispatcher("/success.jsp");
       rd.forward(req,res);
    }
    else
    {
       req.getSession().setAttribute("error", "The email or password you entered is incorrect. Please try again");
       res.sendRedirect(this.getServletContext().getContextPath() + "/index.jsp");
    }

But here you are looping by hand on a resultset, when you could let the database find if there is a match :

    conn = dsEvent.getConnection();
    String userCheck = "select count(*) from customer where email = ? and password = ?";
    stmt = conn.prepareStatement();
    stmt.setString(1, email);
    stmt.setString(2, password);
    rs = stmt.executeQuery(userCheck);
    if (rs.next().getInt(1) > 0) 
       RequestDispatcher rd = req.getRequestDispatcher("/success.jsp");
       rd.forward(req,res);
    }
    else
    {
       req.getSession().setAttribute("error", "The email or password you entered is incorrect. Please try again");
       res.sendRedirect(this.getServletContext().getContextPath() + "/index.jsp");
    }