Jonathan Mast wrote:
> I have some jsp with calls to our pg database, and yes, I know this is
> not the optimal way to do it, but we can't stop everything to
> re-engineer our website to use Struts or whatever.
Don't worry, we're not here to judge your development methodologies :).
> specs:
> Apache 1.3.33
> Tomcat 5.5.17
> postgresql 8.1.3
Running an old version of PostgreSQL, however, is frowned upon ;-).
Seriously, you should upgrade.
> That said, the problem is that statements such as:
> "SELECT * FROM tbl_someTable WHERE email='nobody@nowhere.com' ;
> work fine
>
> while statements like this don't work (no records returned):
> "SELECT * FROM tbl_someTable WHERE email='nobody@nowhere.com' AND
> password='abcd'";
> And quoting the field 'password' doesn't make a difference.
>
> I know such records actually exist because I'm printing out the query
> on the webpage, copying it to pgAdmin and executing with results.
That obviously should work, so there's something else than just that
query involved here. Perhaps a quoting problem or something, but it's
hard to say without seeing the actual code.
BTW, if the values for email and password are coming from user input,
you must be careful to quote them properly, or use a prepared statement.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com