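package servlets;

import dao.DbConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Handles {@code POST /sign-in}: looks the submitted credentials up in the
 * {@code users} table and records the outcome in the HTTP session.
 *
 * <p>On a match the session gets {@code name} (from the row) and
 * {@code signedIn = TRUE}, and the client is redirected to
 * {@code /protected/welcome.jsp}. Otherwise {@code signedIn = FALSE} is set
 * and the client is sent back to {@code /sign-in.jsp}.
 */
@WebServlet(urlPatterns = {"/sign-in"})
public class DodgyLoginServlet extends HttpServlet {

    // Bind parameters keep the request values out of the SQL text, so quotes
    // or SQL fragments in "username"/"password" cannot change the query.
    //
    // NOTE(review): the query compares the submitted password directly with the
    // stored column, which suggests passwords are kept unhashed; confirm, and
    // move to a salted password hash (bcrypt/scrypt/argon2) verified in
    // application code rather than in the WHERE clause.
    private static final String FIND_USER_SQL =
            "select name from users where username = ? and password = ?";

    /**
     * Authenticates the {@code username} / {@code password} request parameters.
     *
     * @param request  the sign-in form submission
     * @param response used to redirect to the welcome or sign-in page, or to
     *                 report a server error if the database lookup fails
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the redirect or error response cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String ctx = request.getContextPath();
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A missing parameter can never be a valid credential; fail the
        // attempt without touching the database.
        if (username == null || password == null) {
            rejectSignIn(request, response, ctx);
            return;
        }

        // The credentials are deliberately not printed or logged: the earlier
        // debug print of the full SQL string wrote the password to stdout.
        try (Connection con = DbConnection.getConnection(getServletContext());
             PreparedStatement ps = con.prepareStatement(FIND_USER_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);

            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    String name = rs.getString("name");
                    // NOTE(review): the session id is not rotated on sign-in, which
                    // leaves room for session fixation; consider
                    // request.changeSessionId() (Servlet 3.1+) before setting these.
                    request.getSession().setAttribute("name", name);
                    request.getSession().setAttribute("signedIn", Boolean.TRUE);
                    response.sendRedirect(ctx + "/protected/welcome.jsp");
                } else {
                    rejectSignIn(request, response, ctx);
                }
            }
        } catch (SQLException ex) {
            Logger.getLogger(DodgyLoginServlet.class.getName())
                    .log(Level.SEVERE, "Sign-in query failed", ex);
            // Without this the client would receive an empty 200 response.
            // The guard covers an exception raised while closing the JDBC
            // resources after a redirect has already been sent.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /** Marks the session as not signed in and redirects back to the sign-in page. */
    private void rejectSignIn(HttpServletRequest request, HttpServletResponse response, String ctx)
            throws IOException {
        request.getSession().setAttribute("signedIn", Boolean.FALSE);
        response.sendRedirect(ctx + "/sign-in.jsp");
    }
}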