java.lang.NullPointerException- login servlet

Question

I recently started java programming. I'm getting java.lang.NullPointerException in my serlvet. Code is posted below. can anyone help me please?

I'm using mysql- username, password, etc are correct.I can see the values in table.

message in console -

java.lang.NullPointerException

at j2ee.Authenticate.processRequest(Authenticate.java:49)

at j2ee.Authenticate.doGet(Authenticate.java:93)

Code -

package j2ee;


import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


@WebServlet(name = "Authenticate", urlPatterns = {"/Authenticate"})
public class Authenticate extends HttpServlet {


protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();

    String user = request.getParameter("userId");
    String pwd = request.getParameter("passwd");
    String dbuser = null;
    String dbpwd = null;

    try
{
    Class.forName("com.mysql.jdbc.Driver");
    Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/j2ee","root","password");

    String query = "select username, password from user_info where username=? && password=?";

     PreparedStatement p = con.prepareStatement(query);
     p.setString(1,dbuser);  
     p.setString(2,dbpwd);  

     ResultSet rs=p.executeQuery();





     if(dbuser.equals(user) && dbpwd.equals(pwd))
    {
            String s=request.getParameter(user);
            out.println("Welcome" +s); 
            RequestDispatcher rd = request.getRequestDispatcher("Home");
            rd.include(request, response);

    }   
    else
    {
            out.println("Please enter a valid Username and Password!"); 
            RequestDispatcher rd = request.getRequestDispatcher("Login");
            rd.include(request, response);

    }

}
    catch (IOException e)
    {
    System.out.println(e);
    } catch (ClassNotFoundException e) {
        System.out.println(e);
    } catch (SQLException e) {
        System.out.println(e);
    } catch (ServletException e) {
        System.out.println(e);
    }


}

Answer 1

dbuser and dbpwd are initialized to null and never assigned a value. Looks like you are trying to validate a login against a table, but you are never reading the results from the ResultSet object. I think you want to do this:

String query = "select username, password from user_info where username=? && password=?";

     PreparedStatement p = con.prepareStatement(query);
     p.setString(1,user);  
     p.setString(2,pwd);  

     ResultSet rs=p.executeQuery()

     if ( rs.next() ) {
        dbuser = rs.getString(1);
        dbpwd  = rs.getString(2);
      }
     // etc ...

Maybe read up on how to debug in an IDE and how to use result sets

Answer 2

You misuse the prepareStatement function, please

String query = "select username, password from user_info where username=? && password=?";

PreparedStatement p = con.prepareStatement(query);
p.setString(1,dbuser);   //wrong, you are replacing ? with null
p.setString(2,dbpwd);    //wrong, you are replacing ? with null

You should count the number of row instead.

String query = "select count(*) from user_info where username=? && password=?";
p.setString(1,user);
p.setString(2,pwd);  
ResultSet rs=p.executeQuery()

int result = rs.getInt(1);
if(result >= 1){ 
   ..authen OK
}
else{
   ..authen failed
}

Answer 3

You never set the value of dbuser and dbpwd ,you have initialized them with null but you used it in PreparedStatement.