Unable to retreive value from oracle database using JSP, getting java.sql.SQLException: Result set after last row

Question

I have written simple jsp program where I am trying to retrieve username and password from database, here is my jsp program.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import ="java.sql.*" %>
<%@ page import ="oracle.sql.*" %>
<%@ page import ="oracle.jdbc.driver.*" %>
<%@page import="oracle.jdbc.driver.OracleDriver"%>
<%@ page import ="java.util.Date" %>




Insert title here


<%
String driver="oracle.jdbc.driver.OracleDriver";
String userid = request.getParameter("username"); 
String pwd=request.getParameter("password"); 

Connection con = null;




%>
<%try
{
Class.forName("oracle.jdbc.driver.OracleDriver");

con = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:CCB25", "CISADM", "CISADM");
Statement st= con.createStatement();
String query="select * from CMLOGIN where USERID='"+userid+"'";
ResultSet rs=st.executeQuery(query); 
String pass1="";
rs.next();


pass1 = rs.getString("password");

if(pass1.equals(pwd))
{ 
%>
<%String name=request.getParameter("username");
session.setAttribute("nam",name);%> 

<%}
else
{
String msg="Username or password failed";%>
 <%=msg %>


<%}
}
catch(Exception e)
{
e.printStackTrace();
}
%>

and i have javax.servlet.jar and ojdbc7-12.1.0.2.jar in web-inf/lib folder. I am getting java.sql.SQLException: Result set after last row on the following line "pass1 = rs.getString("password");" Could you please guide me what I am doing wrong.

Kris Rice · Accepted Answer

Here is the same cleaned up a little. You'll have to add back in exception handling and closing of the connection/statement/resultset

Hopefully you never have to use this code for real as it's taking in a password from query string in clear then comparing to a clear version in the db.
Password comparison moved to the sql itself.
Always use PreparedStatements to avoid sql injection

Comments are in the code.

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ page import ="java.sql.*" %>
<%@ page import ="java.util.Date" %>




Insert title here


<%
String userid   = request.getParameter("username"); 
String pwd      = request.getParameter("password"); 

Connection con       = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521/XE", "klrice", "klrice");

//
// USE BINDS ! to avoid sql injection
// push the userid and passwd comparison to the db 
// no need to get the password and compare locally
// 
String query         = "select password from cmlogin where userid=? and password=?";

PreparedStatement st = con.prepareStatement(query);

// 
//  Binds in the vaules
// 

st.setString(1,userid);
st.setString(2,pwd);

ResultSet rs         = st.executeQuery(); 

String pass1;

//  .next will advance if the query has any results
// 

if ( rs.next() ) {
            pass1 = rs.getString("password");
      String name =request.getParameter("username");
      session.setAttribute("nam",name);
%> 
    
<%
    } else {
        String msg="Username or password failed";
%>
          <%=msg %>
        
<%  }  %>

Unable to retreive value from oracle database using JSP, getting java.sql.SQLException: Result set after last row

Answers (2)

Related Questions