i am having issues with this code its not comparing valid inputs as well, is it wrong as far as database is concern .it is always giving me invalid as out put

<%@ page language="java" import="java.sql.*" %>
<%@ page import="java.util.*" %>
<%
    String id=request.getParameter("id");
    String pass=request.getParameter("pass");
       try
	 {
	Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
	
	
	Connection con=DriverManager.getConnection("jdbc:odbc:prod","scott","tiger");
	PreparedStatement ps=con.prepareStatement("select * from  login where ID=?");
   ps.setString(1,id);
	ResultSet rs=ps.executeQuery();
out.println("<htlm> <body>");
      while(rs.next())
	{
		 String a=rs.getString(1);
		 String b=rs.getString(2);
           if ( (id.equals(a))  && (pass.equals(b)) )  
		{
		     %>
			<jsp:forward page="a.html" />
		     <%
		}   
		else
		out.println("invalid "+id+pass+a+b);		
	 }
out.println("</htlm> </body>");
	
}
	catch(Exception e)
	{
		out.println(e);
	}

first you check the query..

it may not be where id=? instead of id="+id+".

second you check the column from select query that you compare with id...

first you check the query..

it may not be where id=? instead of id="+id+".

second you check the column from select query that you compare with id...

You better learn something about PreparedStatement for next time...

apologies...

unfortunately i didn't looked Prepared Statement in the code.....

sorry for the wrong suggestion...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.