[英]Java SQL Exception - r.getString doesn't get column from resultSet
I keep getting SQLException on String passwordr = r.getString(3);我不断收到 SQLException on String passwordr = r.getString(3); .
. From my understanding is that r.getString gets column 3 from the result set, which contains the password in table.
根据我的理解,r.getString 从结果集中获取第 3 列,其中包含表中的密码。 Later on I will compare passwordr to whatever is in txtPassword.
稍后我会将 passwordr 与 txtPassword 中的任何内容进行比较。 Why does it keep going to SQL Exception?
为什么它会继续出现 SQL 异常?
If I hover over "passwordr" it says "Not a known variable in the current context" within NetBeans - I'm not sure if this matters.如果我将鼠标悬停在“passwordr”上,它会在 NetBeans 中显示“在当前上下文中不是已知变量”——我不确定这是否重要。
try{
// load the sql driver
Class.forName(ConnectionDetails.getDriver());
// attempt to connect
con = DriverManager.getConnection(url, username, password);
System.out.println("Connected to the database: "+ ConnectionDetails.getDb());
// prepare an sql statement
stmt = con.createStatement();
String sql = "SELECT * FROM tblusers WHERE fldusername='" + txtUsername.getText() + "';";
// run the query
System.out.println("Before query");
System.out.println(sql);
r = stmt.executeQuery(sql);
System.out.println("After query");
String passwordr = r.getString(1); //FAILS AT THIS LINE
System.out.println(passwordr);
if ( r.next() )// if this returns false there are no records
{
// username found
lblResult.setText("USERNAME Found");
if (passwordr.equals(new String((txtPassword.getPassword()))))
{
lblResult.setText("PASSWORD Correct");
}
else
{
lblResult.setText("PASSWORD Incorrect");
}
}
else
{
lblResult.setText("USERNAME NOT FOUND");
}
}
catch(ClassNotFoundException cnfe)
{ System.err.println("Error finding connection details class");
}
catch(SQLException sqlE)
{
System.err.println("SQL Error");
}
finally
{
// close the statement object
try
{
if( stmt != null )
stmt.close();
System.out.println("Statement object closed");
}
catch(SQLException se)
{
System.err.println("Error: Statement not closed");
}
// close connection to the database
try
{
if( con != null )
con.close();
System.out.println("Connection to db closed");
}
catch(SQLException se)
{
System.err.println("Error: Connection to db not closed");
}
}
}
This block of code has multiple issues, some minor and some significant.这段代码有多个问题,有些是次要的,有些是重要的。 The version I am providing here still has some issues, but addresses many of the problems of the original code.
我在这里提供的版本仍然存在一些问题,但解决了原始代码的许多问题。
Orthogonal to the problem of getting this code to work is the larger question of whether it is appropriate to store passwords in plaintext in a database.与让这段代码正常工作的问题正交的是一个更大的问题,即在数据库中以明文形式存储密码是否合适。 I won't address that here, as this is still an appropriate bit of code for learning Java and JDBC.
我不会在这里解决这个问题,因为这仍然是学习 Java 和 JDBC 的合适代码。
See the commented note pointers in the code.请参阅代码中的注释注释指针。
try{
// load the sql driver
Class.forName(ConnectionDetails.getDriver());
// attempt to connect
con = DriverManager.getConnection(url, username, password);
System.out.println("Connected to the database: "+ ConnectionDetails.getDb());
// prepare an sql statement
String sql = "SELECT * FROM tblusers WHERE fldusername=?"; // <----- Note 1
// Now we need to use a prepared statement, so we can use a bind variable
stmt = con.prepareStatement(sql);
// Bind the user data
stmt.setString(1, txtUsername.getText()); // <----- Note 2
// run the query
System.out.println("Before query");
System.out.println(sql);
r = stmt.executeQuery();
System.out.println("After query");
if ( r.next() )// if this returns false there are no records // <----- Note 3
{
String passwordr = r.getString("PASSWORD_FIELD_NAME"); // <----- Note 4
System.out.println(passwordr);
// username found
lblResult.setText("USERNAME Found");
if (passwordr.equals(new String((txtPassword.getPassword()))))
{
lblResult.setText("PASSWORD Correct");
}
else
{
lblResult.setText("PASSWORD Incorrect");
}
}
else
{
lblResult.setText("USERNAME NOT FOUND");
}
}
catch(ClassNotFoundException cnfe)
{
System.err.println("Error finding connection details class");
}
catch(SQLException sqlE)
{
System.err.println("SQL Error");
}
finally
{
// close the Result Set object // <----- Note 5
try
{
if( r != null )
r.close();
System.out.println("Result set object closed");
}
catch(SQLException se)
{
System.err.println("Error: Result set not closed");
}
// close the statement object
try
{
if( stmt != null )
stmt.close();
System.out.println("Statement object closed");
}
catch(SQLException se)
{
System.err.println("Error: Statement not closed");
}
// close connection to the database
try
{
if( con != null )
con.close();
System.out.println("Connection to db closed");
}
catch(SQLException se)
{
System.err.println("Error: Connection to db not closed");
}
}
PreparedStatement
instead of Statement
.PreparedStatement
而不是Statement
。 Finally, the trailing semicolon in the SQL is not needed (at least in Oracle, not sure about others) and might cause syntax issues.r.next()
.r.next()
之前,您不会有任何结果。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.