1 Reply Latest reply: Feb 25, 2009 1:44 AM by 800322 RSS

    syntax error in string in quer expression

    807588
      <%@ page import= "java.sql.*;"%>
      <%
      String auth = request.getHeader("Authorization");
      response.setContentType("text/html");
      if (auth == null) {
      response.setContentLength(0);
      response.setStatus(response.SC_UNAUTHORIZED);
      response.setHeader("WWW-Authenticate", "NTLM");
      response.flushBuffer();
      return;
      }
      if (auth.startsWith("NTLM ")) {
      System.out.println("Time:"+new java.util.Date().toString());
      byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
      int off = 0, length, offset;
      String d,m,u;
      if (msg[8] == 1) {
      off = 18;
      byte z = 0;
      byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z, (byte)1, (byte)130, z, z,z, (byte)2, (byte)2, (byte)2, z, z, z, z, z, z, z, z, z, z, z, z}; out.println(" ");
      out.println(" ");
      //contentsize is actually 2. But I need the difference, otherwise it takes so long. So i get an exception instead.
      response.setContentLength(3);
      response.setStatus(response.SC_UNAUTHORIZED);
      response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1));
      response.flushBuffer();
      return;
      } else if (msg[8] == 3) {
      off = 30;
      length = msg[off+17]*256 + msg[off+16];
      offset = msg[off+19]*256 + msg[off+18];
      m = new String(msg, offset, length);
      } else {
      return;
      }
      length = msg[off+1]*256 + msg[off];
      offset = msg[off+3]*256 + msg[off+2];
      d = new String(msg, offset, length);
      length = msg[off+9]*256 + msg[off+8];
      offset = msg[off+11]*256 + msg[off+10];
      u = new String(msg, offset, length);
      out.println("Username:"+u+"<BR>"); //// able to diaplay 'u' value correctly.
      ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
      ///////////////Upto this ,everything is working fine///////////////////////////////////////////////
      ////////////////////////////////////////////////////////////////////////////////////////////////////////////////
      int kl=1;
      Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      Connection con = DriverManager.getConnection("jdbc:odbc:shift");
      Statement st = con.createStatement();
                String query="Select * from logindb where username='"+u+"'";
                ResultSet rs=st.executeQuery(query); ///////////////// Here I am getting error if I use string varialbe "u"

                          if(rs.next())
                               {
                               session.setAttribute("ob1",u);
      kl=0;
                                              
                               }
      rs.close();
      st.close();
      con.close();
                if(kl==0)
      {
      out.print(query);
                }}%>

      /////////////////////////////////////////////////////////////////////////////////////////////////////////////

      In this line ,If I give the username directly as "joe_mark" === > "Select * from logindb where username='joe_mark'" . ===> It is working fine.
      but getting error message,if I use the string variable - u in the query ==> "Error in string in query expression 'username='j' "
      I am able to display the string vaiable - u in out.print without error.
      What could be the problem??