JSP registration in MySQL

Navigation
0

I am trying to make a form using JSP and insert the values using MySQL. The problem I have is that if someone tries to register and the user exists tell me: "The user already exists". It does not work for me, I do not know, but somehow it does not do the while correctly. Here the code: 

 // Variables de conexion
Connection con; 
Statement set; 
ResultSet rs; 

String sURL="jdbc:mysql://localhost/loginjsp"; 
String userName = "root"; 
String password = "root"; 

//Parámetros index
String nombre = request.getParameter("nombre");
String pass = request.getParameter("pass");
String repPass = request.getParameter("repPass");

//Si las variables existen
if(nombre != null && pass != null && repPass != null){
    //Si las contraseñas coinciden
    if(pass.equals(repPass)){
        try{ 
            Class.forName("com.mysql.jdbc.Driver").newInstance(); 
            con = DriverManager.getConnection(sURL, userName, password); 
            System.out.println("Se ha conectado"); 
            set = con.createStatement(); 
            rs = set.executeQuery("SELECT * FROM usuarios;"); 

            while(rs.next()){ 

                String nombreBD = rs.getString("nombre");
                String passBD = rs.getString("pass");
                out.println(nombreBD + "...." + nombre);

               //Si existe en la BD
                if( nombre.equals(nombreBD)){ 
                    out.println("<script>alert('Ya existe este usuario!')</script>");

                } else{
                    out.println("22222");
                    String consultaSQL = "INSERT INTO usuarios (nombre, pass) values ('" + nombre + "','" + pass + "');";
                    int consulta = set.executeUpdate(consultaSQL);
                    out.println("<script>alert('Ya te has registrado!')</script>");
                }//end if
                out.print("1..");
            }//end while

            //Cerramos conexión
            rs.close(); 
            set.close(); 
            con.close();

        }catch(Exception e) { 
            System.out.println("Error en acceso a BD"); 
        }//end try catch

    }else{
        out.println("<script>alert('Las contraseñas no coinciden!')</script>");
    }//end if

}//end if
    
asked by Csc99 24.05.2018 в 00:52
source

1 answer

0

I think your logic is wrong.

First your query should be like this: 

SELECT count(*) as total FROM usuarios where nombre=?;

And the parameter is passed with a pstmt.setString(1,nombre); in this way in the result you receive total and you know how many there is, if zero is zero and if it is greater than zero it already exists: 

PreparedStatement pstmt = con.prepareStatement("SELECT count(*) as total FROM usuarios where nombre=?;"); 
pstmt.setString(1,nombre);
rs = pstmt.executeQuery();
int total = rs.getInt("total");

This way you do not need that while .

And please do not use Statement since it is susceptible to SQL injection attacks better use prepared Statement and you avoid future problems.

    
answered by 24.05.2018 в 01:45
Create a dependent select? VB.NET Simulate keyboard and mouse