1

I have this piece of code:

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    String Username2 = request.getParameter("Username2");
    String Password2 = request.getParameter("Password2");
    String ResetPassword = request.getParameter("ResetPassword");

    try {
        Class.forName("com.mysql.jdbc.Driver");
        String st = "jdbc:mysql://localhost:3306/LoginAccount";
        Connection conn = (Connection) DriverManager.getConnection(st, "root", "baljinder");
        Statement sta = (Statement) conn.createStatement();
        ResultSet rs = sta.executeQuery("SELECT * FROM Account where Username='" + Username2 + "' && Password ='" + Password2 + "' ;");

        while (rs.next()) {

            if (Username2.equals(rs.getString("Username")) && Password2.equals(rs.getString("Password"))) {
                sta.executeUpdate("update Account set Password ='" + ResetPassword + "' where Username='" + Username2 + "' ;");
                out.print("your successful to Reset the password");
                conn.close();
            } else {
                out.println("<h1>the Username and Password didn't match did not found </h1>");
            }
        }
    } catch (SQLException ex) {
        Logger.getLogger(AccountServlet.class.getName()).log(Level.SEVERE, null, ex);
        //out.print(ex);
    } catch (ClassNotFoundException ex) {
        Logger.getLogger(AccountServlet.class.getName()).log(Level.SEVERE, null, ex);
        out.print(ex);
    } finally {
        out.close();
    }
}

I'm getting this again & again,

java.sql.SQLException: Operation not allowed after ResultSet closed

Any mistakes?

6
  • which line is throwing the exception? Commented Oct 5, 2011 at 20:03
  • 6
    Btw... delightful sql injection attack you are creating. What website are you creating so that the world can have fun attacking it? Commented Oct 5, 2011 at 20:07
  • 1
    Darn. I was looking forward to a username of: '; delete from accounts; select from accounts where '1' == ' Commented Oct 5, 2011 at 20:13
  • This is not a JSP/Servlet problem. You got an exception of java.sql package, not javax.servlet package. This is just a JDBC problem. You would have exactly the same problem when doing so in a normal Java class (where that piece of code actually belongs!). I removed the irrelevant JSP/Servlet tags. Commented Oct 5, 2011 at 20:18
  • 1
    By the way, why do you not trust the DB that it returned the row you asked it to return? You specified the conditions in a WHERE, but you're checking them again by equals() inside the loop... Commented Oct 5, 2011 at 20:22

1 Answer

6

You're closing the database connection while iterating through the ResultSet. A ResultSet needs to have its connection open to work.

You should also make sure to close the JDBC connection in a finally block.

1 Comment

If the username is strictly unique in the DB, then that while should better be an if. It would solve the problem as well, but it's definitely still not the right way. Resource closing should take place in a finally all the time.
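
The points raised in the answer and in the comments on the question (keep the connection open while the ResultSet is read, close resources reliably, and do not build SQL by string concatenation) can be combined as follows. This is an added example, not code from the question or the answer. It assumes Java 7+ for try-with-resources and a `DataSource` configured elsewhere; the class name `PasswordResetDao` is hypothetical, and the table and column names are those from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;

// Hypothetical helper class (not from the original post); table and column
// names are the ones used in the question.
public class PasswordResetDao {
    private final DataSource dataSource; // assumed to be configured elsewhere

    public PasswordResetDao(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /** Returns true only if the credentials matched and exactly one row was updated. */
    public boolean resetPassword(String username, String password, String newPassword)
            throws SQLException {
        String check = "SELECT 1 FROM Account WHERE Username = ? AND Password = ?";
        String update = "UPDATE Account SET Password = ? WHERE Username = ?";

        // try-with-resources closes each resource in reverse order, after the
        // block that uses it, even when an exception is thrown.
        try (Connection conn = dataSource.getConnection()) {
            try (PreparedStatement ps = conn.prepareStatement(check)) {
                // Values are bound as parameters, never concatenated into the SQL text.
                ps.setString(1, username);
                ps.setString(2, password);
                try (ResultSet rs = ps.executeQuery()) {
                    if (!rs.next()) {
                        return false; // no matching row: nothing to update
                    }
                } // the ResultSet is finished before any other statement runs
            }
            // A separate statement for the update, so the statement that
            // produced the ResultSet is never re-executed while it is being read.
            try (PreparedStatement ps = conn.prepareStatement(update)) {
                ps.setString(1, newPassword);
                ps.setString(2, username);
                return ps.executeUpdate() == 1;
            }
        }
    }
}
```

With bound parameters, a username containing quote characters, like the one joked about in the comments, is compared as plain data and cannot change the statement.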
