public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
sendPageHeader(response);
firstName = request.getParameter("firstName");
lastName = request.getParameter("lastName");
userName = request.getParameter("userName");
password = request.getParameter("password");
boolean error = false;
String message = null;
try {
Connection con = DriverManager.getConnection("jdbc:odbc:JavaWeb");
System.out.println("got connection");
Statement s = con.createStatement();
String sql = "SELECT UserName FROM Users" +
" WHERE userName='" + StringUtil.fixSQLFieldValue(userName) + "'";
ResultSet rs = s.executeQuery(sql);
if (rs.next()) {
rs.close();
message = "The user name " + StringUtil.encodeHtmlTag(userName) +
" has been taken. Please select another name.";
error = true;
}
else {
rs.close();
sql = "INSERT INTO Users" +
" (FirstName, LastName, UserName, Password)" +
" VALUES" +
" ('" + StringUtil.fixSQLFieldValue(firstName) + "'," +
" '" + StringUtil.fixSQLFieldValue(lastName) + "'," +
" '" + StringUtil.fixSQLFieldValue(userName) + "'," +
" '" + StringUtil.fixSQLFieldValue(password) + "')";
int i = s.executeUpdate(sql);
if (i==1) {
message = "Successfully added one user.";
}
}
s.close();
con.close();
}
catch (SQLException e) {
message = "Error." + e.toString();
error = true;
}
catch (Exception e) {
message = "Error." + e.toString();
error = true;
}
if (message!=null) {
PrintWriter out = response.getWriter();
out.println("" + message + "
");
out.println("