I'm trying to make a java gui with login verification from using a mysql database. At the moment I believe it's only getting the password from the last row, for example
first row - username = user, password = 1234
second row - username = admin, password = 12345
These are just temporary until its solved, i plan to hash them passwords and also make it so a user can create a new account and what not, which I've already created.
Regarding my issue, it seems to only pick up the password 12345 and not 1234... It also doesn't matter if there is no username, thus if I want to login it accepts a blank user name and password 12345. I want to resolve this and also make it so it can pick any username and password in the table, not just the last row.
Below is my code.
the problem is in this line
resultSet = statement.executeQuery(
"SELECT ID, username, password FROM person" );
When the query get executed, then it will retrive all the rows .Now when you are doing here
while ( resultSet.next() )
{
Uname = resultSet.getString("username");
Pass = resultSet.getString("password");
.............
//rest codes
}
value of Uname
changes continously hence you are getting the last row Little explanation of the above while loop At first the cursor is above the first row,When rs.next()
return boolean so it checks whether any row is present or not if yes return true else returns false.Now suppose you have total 3 rows then for rs.next()
will return true so loop comes inside and uname
gets the username
of the firstrow and similarily password also gets the first password.Now again rs.next()
rows returns true
so now uname will get 2nd row username
and password gets 2nd row password.Similarily for the 3rd time and now uname has username of the 3rd row.After 3rows are over rs.next()
return false
and hence comes out of the loop.So finally Uname contains the username and of the last row and Pass contains the password of the last row
UPDATE My suggestion is use this way
PreparedStatement pt=connection.prepareStatement("SELECT ID, username, password FROM person WHERE username=?");
pt.setString(1,username);
resultSet = pt.executeQuery();
now when you will have only one row.
You're doing this wrong. Instead of searching the database for matching users and doing the password match yourself, you should be asking the database whether there is a match on both, via
select * from person where userid = ? and password = ?
and just making sure there is a result row. It could even be a count query and you just check that the result is one.
That way you can also hash the passwords in the database, which you should be doing for other security reasons anyway.
Always make different class for connecting to database. This will make your code cleaner.
I will demonstrate you with an example
private void btn_LoginActionPerformed(java.awt.event.ActionEvent evt) {
/*LOGIC*/
super.Show("Select * from Login");// this class is extending a class connect me
try{
int Checker = 0;// a flag
while(rs.next())
{
String user = field_UserId.getText();//values coming from field
String pass = field_Password.getText();
String user1 = rs.getString("User");//values coming from database
String pass1 = rs.getString("Pass");
if( user.equals(user1)& pass.equals(pass1))
{
//if enters into loop user is valid
Checker=1;//setting flag to 1
}
}
if(Checker == 0 )
{ JOptionPane.showMessageDialog(null,"Check Id&Password");
field_UserId.setText("");
field_Password.setText("");
}
}
catch(Exception ex_connection)
{
System.out.println(ex_connection);
}
/*LOGIC ENDED */
}
**now the class connectme* *
class Connectme
{
String Name;
String Number;
ResultSet rs,r,rs1;
ResultSetMetaData md;
Statement st;
Statement st1;
int p=0;
Connectme()
{
try
{
Class.forName("com.mysql.jdbc.Driver");
Connection con=
DriverManager.getConnection("jdbc:mysql://localhost:3306/Storage","root","");
st= con.createStatement();
st1 = con.createStatement();
}
catch(Exception ex_connection)
{
System.out.println("damnnn");
JOptionPane.showMessageDialog(null,"Check Database Connection");
}
}
void queryExecute(String insert)
{
try
{
/*begin-to execute query ins database*/
st.executeUpdate(insert);
/*end-to enter values in database*/
}
catch(Exception ex_connection)
{
System.out.println(ex_connection);
}
}
void Show(String table_name)
{
try
{
String insert = ("Select * from " + table_name + "");
rs = st1.executeQuery(insert);
md = rs.getMetaData();
}
catch(Exception ex_connection)
{
System.out.println(ex_connection);
System.out.println("waah");
}
}
void Show1(String insert1)
{
try
{
rs1= st.executeQuery(insert1);
/* while (rs1.next()) {
System.out.print(rs1.getString("Price"));
}*/
md = rs1.getMetaData();
}
catch(Exception ex_connection)
{
System.out.println(ex_connection);
}
}
}
Solution to your problem
String user=username_field.getText(); PreparedStatement ps = con.prepareStatement( "SELECT ID, username, password FROM person where username=user" );
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.