JSP how to prevent hacking into password of login page

Hi all , i have a question. i found out that when in jsp i type this password for login page :'' or '1' =(i din the write the full code to prevent misuse )it can enter the website. How do i prevent it ?thanks in advance

[265 byte] By [philipsa] at [2007-10-2 21:36:50]

«« Background color problem
»» thread concurrency problem - how to know when thread is dead?

# 1

use a PREPARED statement for your sql code, here's one of mine:

this.st = this.conn.prepareStatement("UPDATE names SET FName = ?, sName = ?, Company = ?, mail = ?, Phone = ?, Password = ? WHERE mail = ?");

this.st.setString(1,fName);

this.st.setString(2,sName);

this.st.setString(3,company);

this.st.setString(4,nmail);

this.st.setString(5,phone);

this.st.setString(6,pwd);

this.st.setString(7,mail);

this.st.executeUpdate();

As you can see, in the sql values are represented by ?

These values are poulated with this.st.setString.

angrycata at 2007-7-14 0:51:05 >

top of Java-index,Enterprise & Remote Computing,Web Tier APIs...

# 2

As you will be using a SELECT statement you will need to replace st.executeUpdate();withrs =st.executeQuery(); where rs is a ResultSet

angrycata at 2007-7-14 0:51:05 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

JSP how to prevent hacking into password of login page

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified