Java SQL(JDBC):如何移至下一列?
[英]Java SQL (JDBC) : how to move to the next column?
问题描述
I'm trying to check if the " Username " and " Email " arguments in my constructor are existed in the SQL Table. 
我正在尝试检查SQL表中是否存在构造函数中的“ Username ”和“ Email ”参数。
this is my code: 这是我的代码:
public DB(String usr, String eml, String pwd) {
this.usr = usr;
this.eml = eml;
this.pwd = pwd;
String jdbcUrl = "jdbc:mysql://localhost:3306/registered";
String jdbcUser = "....";
String jdbcPassword = "....";
try {
Class.forName("com.mysql.jdbc.Driver");
connection = DriverManager.getConnection(jdbcUrl, jdbcUser,
jdbcPassword);
statement = connection.createStatement();
now , if i use SELECT with two columns, like this: 现在,如果我将SELECT与两列一起使用,例如:
String command = "SELECT UserName,Email FROM users WHERE UserName LIKE '" + this.usr.toString() + "';";
resultSet = statement.executeQuery(command);
and then do my loop for resultSet... like this: 然后为resultSet做我的循环...就像这样:
while (resultSet.next()) {
if (usr.equalsIgnoreCase(resultSet.getString("UserName"))) {
System.out.println("UserName : " + this.usr + " is taken!");
}
else if (eml.equalsIgnoreCase(resultSet.getString("Email"))) {
System.out.println("Email : " + this.eml + " is taken!");
}
else {
System.out.println("Email : " + this.eml + " and UserName : " + this.usr + " are AVAILABLE!");
command = "INSERT users SET UserName = '" + this.usr.toString() + "',Email = '" + this.eml.toString() + "',Password = '" + this.pwd.toString() + "',Status = '0' ,Connected = '1';";
statement.executeUpdate(command);
}
}
} catch (SQLException e) {
System.out.println("SQLException: " + e.getMessage());
System.out.println("Vendor error: " + e.getErrorCode());
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
the 该
resultSet.next()
only runs over the "FIRST" column which means if the "usr" exists in the table it works, but if the "usr" does not exist in the table, the other two if statements does-not work .. 仅在“ FIRST”列上运行,这意味着表中是否存在“ usr”,但是如果表中不存在“ usr”,则其他两个if语句不起作用。
,... i want to check both first column and second,.. and maybe third or more soon.. , any help? ,...我想同时检查第一列和第二列,..也许很快就检查第三列或更多..,有什么帮助吗?
1 个解决方案
解决方案1
1 2014-06-21 00:40:25
Your WHERE clause only tests for the UserName, so if the UserName doesn't match this.usr.toString() , the resultSet will be empty, so the while loop won't be entered. 您的WHERE子句仅测试用户名,因此,如果用户名与this.usr.toString()不匹配,则resultSet将为空,因此不会输入while循环。
You should change the query to match all the fields you care about - something like - "SELECT UserName,Email FROM users WHERE UserName = ... OR Email = ..." 您应该更改查询以匹配您关心的所有字段-类似于- "SELECT UserName,Email FROM users WHERE UserName = ... OR Email = ..."
If the resultSet is empty, you'll know that you can insert the new record. 如果resultSet为空,您将知道可以插入新记录。 Otherwise, you can check which of the fields (UserName, Email) is already taken. 否则,您可以检查哪些字段(用户名,电子邮件)已被占用。
One more thing you should be aware of - executing a SQL statement without PreparedStatement makes your code vulnerable to SQL injection attacks. 您应该意识到的另一件事-在没有PreparedStatement情况下执行SQL语句会使您的代码容易受到SQL注入攻击的攻击。
You should change your code to something like this : 您应该将代码更改为以下内容:
PreparedStatement pstmt = con.prepareStatement("SELECT UserName,Email FROM users WHERE UserName = ? OR Email = ?");
pstmt.setString(1, this.usr);
pstmt.setString(2, this.eml);
resultSet = pstmt.executeQuery();
You should change your INSERT statement similarly to use PreparedStatement . 您应该像使用PreparedStatement一样更改INSERT语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.