[英]Desktop application login using count
I am trying to call a page when a user validates as "Admin" or "User" but there seems to be a problem. 我试图在用户验证为“管理员”或“用户”时调用页面,但似乎存在问题。
private void validateLogin() {
if (getFieldData() == true) {
username = txtname.getText();
String password = new String(txtpassword.getPassword());
Object type = cbType.getSelectedItem();
//validate login and password here.
//validity will be done by sending login/password to the database
String sql = "select count(*) from usermanagement where UserName='"
+ username + "' and " + "Password='" + password + "'";
ResultSet rs = datacon.queryTable(sql);
try {
rs.next();
if (rs.getInt(1) > 0) {
if (type.equals("Admin")) {
MainMenu mainmenu = new MainMenu();
this.dispose();
mainmenu.setVisible(true);
} else {
UserMenu usermenu = new UserMenu();
this.dispose();
usermenu.setVisible(true);
}
} else {
JOptionPane.showMessageDialog(this,
"Incorrect username or password or user category",
"Error", JOptionPane.ERROR_MESSAGE);
clearField();
txtname.requestFocusInWindow();
cbType.setSelectedIndex(0);
}
} catch (SQLException ex) {
ex.printStackTrace();
}
}
}
I am not seeing the your inputs here, username and password. 我在这里看不到您的输入,用户名和密码。 It would be best to attach your logs to get a glimpse of what the Exception states about your problem.
最好附上您的日志以了解Exception关于您的问题的内容。
From what I see in code here are my suggestions, 从我在代码中看到的是我的建议,
You should refrain from using this UserName='"+username +"'
on your sqls, this is appalling for special Charaters can break your sql. 您应该避免在SQL上使用此
UserName='"+username +"'
,这对于特殊的字符可能会破坏您的SQL来说是令人震惊的。 I suggest you adhere to something like PreparedStatement http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html 我建议您坚持使用PreparedStatement之类的方法http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
It's better to adhere if(rs.next())
to check if record exists. 最好坚持使用
if(rs.next())
来检查记录是否存在。 it's not safe to access rs.getInt(1)
, If you're not having any matching records, it can break your application. 访问
rs.getInt(1)
是rs.getInt(1)
,如果没有匹配的记录,则可能会破坏您的应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.