DaniWeb IT Discussion Community - View Single Post - [ask]validation for user name registration

Re: [ask]validation for user name registration

Dec 3rd, 2008

First point I suggest is read the Read-Me thread which is the first thread in the JSP forum, You are performing database operations from directly withing your JSP page which is considered a bad practice, the above thread will guide you on how to go about organizing your code nicely so that when you get on real world projects in JSP you will be thorough with the right practice.

Now let us check how your coding is going on. First thing I see is you are failing to consider all the circumstances and you have just not traced mentally how your if and else if statements will be executed.

for ex consider this :-

 Help with Code Tags 
 java Syntax (Toggle Plain Text) 
if(user == null || user.equals("")) 
{
  response.sendRedirect("register.jsp?err = please fill the username");
}
else if (user != null)
{
  query = "select username from msUser where username like '%"+user+"%'";
}
if(user == null || user.equals("")) 
{
  response.sendRedirect("register.jsp?err = please fill the username");
}
else if (user != null)
{
  query = "select username from msUser where username like '%"+user+"%'";
}

In the "if" condition you are already checking wheteher user == null or blank user.equals("") so why do you need to check again in the else if (user != null) , the code in that else if block could been easily put in the else block.

Now just take a look at your query:-

 Help with Code Tags 
 sql Syntax (Toggle Plain Text) 
SELECT username 
FROM msUser 
WHERE username LIKE '%"+user+"%'
select username 
from msUser 
where username like '%"+user+"%'

This would list all the users to you which contain the current user's username.
For example if the current user wants to register the user name as "dracula" and if a user called "dracula1" already exists then the above select query would give you the details of user "dracula1" and hence your system would not allow the user "dracula" to be created even if no such user exists.
Your query should have been:-

 Help with Code Tags 
 sql Syntax (Toggle Plain Text) 
SELECT password 
FROM msUser
WHERE user='"+user+"';
SELECT password 
FROM msUser
WHERE user='"+user+"';

Now we may have corrected the query, but you have not fired the query in the database to check if the user exists !!!
Also why are you checking if user == query , there is everything wrong in that also.
First thing is that when you want to compare two strings you do not use the == operator, you use the equals() or equalsIgnoreCase() method of the String class.
Also if your consider this logically it is absolutely incorrect. What is the use of comparing the

According to me you still do not have any firm foundation of the language so I suggest you first get your basics of Java strong, by going through tutorials mentioned in this thread.
Next go through the JDBC tutorial, note in core Java only and once you have established yourself firmly in Java only then jump to JSP (else you will just find yourself coming back time and again to clear your core java concepts).

Also you need to read a little background information about JSPs cause you seem to be confused as to what is meant by JSP 2.0 standard etc. Any book on JSP worth its salt will cover these basic topics in the first or second chapter itself.

BTW its Manchester United and not Manchaster, if your are going to use the name of my favourite, you better spell it correctly !!!

Last edited by stephen84s; Dec 3rd, 2008 at 2:46 am.

"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."

"How to ask questions the smart way ?"