堆栈内存溢出
  简体   繁体   English

Java 登录表单以某种方式跳过 if-else 语句

[英]Java Login Form somehow skips if-else statement

 原文  2020-12-06 07:38:20       java/ sql

问题描述

I am trying to create a Login and Register form using Java and SQL Workbench.我正在尝试使用 Java 和 SQL 工作台创建登录和注册表单。 The Register form works properly as the Username and Password are added to the SQL Database.当用户名和密码添加到 SQL 数据库时,注册表单可以正常工作。 As for the Login form, everything looks fine.至于登录表单,一切看起来都很好。 But, when it is executed, it skips the If Statement and goes straight to the Else Statement.但是,当它执行时,它会跳过 If 语句并直接进入 Else 语句。 The Username and Password are correct as I checked the SQL Database table.当我检查 SQL 数据库表时,用户名和密码是正确的。 The output is a SqlSyntaxErrorException. output 是 SqlSyntaxErrorException。 Therefore, I think my syntax is wrong.因此,我认为我的语法是错误的。 Any help would be highly appreciated!任何帮助将不胜感激!

This is the code below:这是下面的代码:

if (e.getSource() == LOG_IN_BUTTON)
    {

        String userName = USER_NAME_TEXTFIELD.getText();
        String password = PASSWORD_TEXTFIELD.getText();

        try {
            connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/airline_connect",
                    "root", "Yasser1595");

            String sql = "Select user_name, password from account where user_name=? and password=?";

            st = connection.prepareStatement(sql);

            st.setString(1, userName);
            st.setString(2, password);
            ResultSet rs = st.executeQuery(sql);
            if (rs.next()) {
                frame.dispose();
                new MainGame();
                JOptionPane.showMessageDialog(LOG_IN_BUTTON, "You have successfully logged in");
            } else {
                JOptionPane.showMessageDialog(LOG_IN_BUTTON, "Wrong Username & Password");
            }
        } catch (Exception exc) {
            exc.printStackTrace();
        }

    }

2 个解决方案

解决方案1
 1  2020-12-06 07:59:41

Try the following,试试下面的,

ResultSet rs = st.executeQuery();

Don't pass the sql string to executeQuery .不要将 sql 字符串传递给executeQuery When you pass the sql string to executeQuery it considers it as plain text instead of prepared statement当您将 sql 字符串传递给executeQuery时,它会将其视为纯文本而不是准备好的语句

解决方案2
 0 已采纳  2020-12-06 08:05:04

You did not use PreparedStatement.executeQuery() but the parent's Statement.executeQuery(sql) which is a known pitfall.您没有使用PreparedStatement.executeQuery()而是使用父级的Statement.executeQuery(sql) ,这是一个已知的陷阱。 Also it is worth using try-with-resources with local variables.此外,值得将 try-with-resources 与局部变量一起使用。 Not closing things can cause resource leaks.不关闭事物会导致资源泄漏。

   String sql = "select user_name, password from account where user_name=? and password=?";
   try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/airline_connect",
                "root", "Yasser1595");
            PreparedStatement st = connection.prepareStatement(sql)) {

        st.setString(1, userName);
        st.setString(2, password);
        try (ResultSet rs = st.executeQuery()) { // No sql parameter.
            if (rs.next()) {
                frame.dispose();
                new MainGame();
                JOptionPane.showMessageDialog(LOG_IN_BUTTON, "You have successfully logged in");
                return;
            }
            JOptionPane.showMessageDialog(LOG_IN_BUTTON, "Wrong Username & Password");
        }
    } catch (SQLException exc) {
        exc.printStackTrace();
    }

It still did not work它仍然没有工作

  • PASSWORD also is a function, but as no syntax errors happend, that probably is no problem. PASSWORD 也是 function,但由于没有发生语法错误,这可能没问题。 You might try "password" (= column name).您可以尝试"password" (= 列名)。
  • The column might store not the password - which is a security risk, should the database be stolen in the future.该列可能不存储密码 - 如果数据库将来被盗,这是一个安全风险。 It might store some hash of the password.它可能会存储一些密码 hash。

So:所以:

String sql = "SELECT user_name, \"password\" "
    + "FROM account "
    + "WHERE user_name=? AND \"password\"=PASSWORD(?)";

First check how passwords (or their hashes) are stored.首先检查密码(或其哈希)是如何存储的。

It might also be the case that the password handling is done at the java side, for instance by taking the MD5 of the password and storing that.也可能是在 java 端完成密码处理的情况,例如通过获取密码的 MD5 并将其存储。

Should all work, consider an other securite measure: if the password field is a JPasswordField one should ideally not work with a String , but a char[] that can be wiped out after usage ( Arrays.setAll(pwdArray, ' '); ).如果一切正常,请考虑另一种安全措施:如果密码字段是 JPasswordField ,理想情况下不应使用String ,而是可以在使用后清除的char[]Arrays.setAll(pwdArray, ' '); ) . A String could reside long in memory, which might be a security risk. String可能会长期驻留在 memory 中,这可能存在安全风险。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java:If-else语句 - Java: If-else statement Java中的if-else语句 - If-else statement in Java 登录表格IF-ELSE运作不佳 - Login form IF-ELSE not working well 条件语句 If-Else 中的逻辑错误 Java - Logical Error in Conditional Statement If-Else Java 如何避免Java中的大型if-else语句 - How to avoid a large if-else statement in Java Java- 调试 if-else 语句 - Java- Debugging if-else statement If-else语句中的While循环(Java) - While Loop inside an If-else statement (Java) Java IF-ELSE IF-ELSE 跳过 if 和 else if 检查并自动打印出 else 语句 - Java IF-ELSE IF-ELSE skipping the if and else if check and prints out else statement automatically 如果语句跳到其他地方 - If statement skips to else 如何将 if-else 语句转换为 map 或其他使用 java 的语句 - How to convert if-else statement to map or other statement using java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM