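<%
    // Login handler: reads id/pw from the request, validates the id, checks the
    // credential pair against class_4.users and either redirects to thankyou.html
    // on a match or writes a short, constant outcome message back to the client.
    String id = request.getParameter("id");
    String pw = request.getParameter("pw");
    // The original logged the raw id AND password to stdout. Credentials must
    // never be written to logs, so only the (non-secret) id is echoed here.
    System.out.println("ID: " + id);

    // Every message that can reach the client is a constant string; no
    // request-supplied value is ever written into the response body.
    String response_str = "";
    boolean flag = false;

    // getParameter returns null when the field is absent from the request; the
    // original called id.trim() without a null check and threw NullPointerException.
    if (id == null || id.trim().isEmpty()) {
        response_str = "You fails system authentication";
    } else {
        try {
            // Only the parse outcome matters; the parsed value itself is unused.
            // Double.parseDouble also accepts forms such as "1e3", "Infinity" and
            // "NaN" — the accepted format is kept exactly as the original had it.
            Double.parseDouble(id);
            flag = true;
        } catch (NumberFormatException nfe) {
            System.out.println("NumberFormatException error: " + nfe.getMessage());
            response_str = "Your ID should be number ";
        }
    }

    if (flag) {
        String driver_classname = "org.gjt.mm.mysql.Driver";
        String server_url = "jdbc:mysql://localhost:3306/class_4";
        // FIXME: database credentials are hard-coded in page source; they belong
        // in a container-managed DataSource or external configuration.
        String login_id = "data_101";
        String login_pw = "data_101";
        java.lang.Class.forName(driver_classname);

        // Parameterized query: id and pw are bound with setString below, never
        // concatenated into the SQL text.
        String backend_sql_string = "select count(*) cnt from class_4.users where pw = ? and id = ? ";
        System.out.println("backend_sql_string: " + backend_sql_string);

        int bs = 0;
        // try-with-resources: the original never closed the connection, statement
        // or result set, leaking one connection per login attempt.
        try (java.sql.Connection con = java.sql.DriverManager.getConnection(server_url, login_id, login_pw);
             java.sql.PreparedStatement stmt = con.prepareStatement(backend_sql_string)) {
            // Read-only query: no commit is needed, and close() ends the transaction.
            con.setAutoCommit(false);
            stmt.setString(1, pw);
            stmt.setString(2, id);
            // Do not log stmt.toString(): many drivers render the bound parameters,
            // which would put the submitted password into the log.
            try (java.sql.ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    bs = rs.getInt("cnt");
                }
            }
        }

        if (bs == 0) {
            response_str = "Your ID or password is incorrect";
        } else {
            // NOTE: the users table stores and compares plaintext passwords; a
            // salted password hash (bcrypt/scrypt/argon2) should be stored instead.
            String redirectURL = "thankyou.html";
            response.sendRedirect(redirectURL);
            return;
        }
    }

    String sendFormat = "text/html;charset=utf-8";
    response.setContentType(sendFormat);
    response.setHeader("Cache-Control", "no-cache");
    response.getWriter().write(response_str);
    response.getWriter().flush();
%>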