简体   繁体   中英

Java GUI login with mysql database only accept last row password for access ignoring rest

I'm trying to make a java gui with login verification from using a mysql database. At the moment I believe it's only getting the password from the last row, for example

first row - username = user, password = 1234 second row - username = admin, password = 12345

These are just temporary until its solved, i plan to hash them passwords and also make it so a user can create a new account and what not, which I've already created.

Regarding my issue, it seems to only pick up the password 12345 and not 1234... It also doesn't matter if there is no username, thus if I want to login it accepts a blank user name and password 12345. I want to resolve this and also make it so it can pick any username and password in the table, not just the last row.

Below is my code.

the problem is in this line

resultSet = statement.executeQuery(            
                "SELECT ID, username, password FROM person" );

When the query get executed, then it will retrive all the rows .Now when you are doing here

while ( resultSet.next() ) 
             {
                Uname = resultSet.getString("username");
                Pass = resultSet.getString("password");
.............
//rest codes
}

value of Uname changes continously hence you are getting the last row Little explanation of the above while loop At first the cursor is above the first row,When rs.next() return boolean so it checks whether any row is present or not if yes return true else returns false.Now suppose you have total 3 rows then for rs.next() will return true so loop comes inside and uname gets the username of the firstrow and similarily password also gets the first password.Now again rs.next() rows returns true so now uname will get 2nd row username and password gets 2nd row password.Similarily for the 3rd time and now uname has username of the 3rd row.After 3rows are over rs.next() return false and hence comes out of the loop.So finally Uname contains the username and of the last row and Pass contains the password of the last row

UPDATE My suggestion is use this way

PreparedStatement pt=connection.prepareStatement("SELECT ID, username, password FROM person WHERE username=?");
pt.setString(1,username);
resultSet = pt.executeQuery();

now when you will have only one row.

You're doing this wrong. Instead of searching the database for matching users and doing the password match yourself, you should be asking the database whether there is a match on both, via

select * from person where userid = ? and password = ?

and just making sure there is a result row. It could even be a count query and you just check that the result is one.

That way you can also hash the passwords in the database, which you should be doing for other security reasons anyway.

Hello ## I am just a beginner , I want to share what I do.

Always make different class for connecting to database. This will make your code cleaner.

I will demonstrate you with an example

private void btn_LoginActionPerformed(java.awt.event.ActionEvent evt) {
    /*LOGIC*/ 

super.Show("Select * from Login");// this class is extending a class connect me
        try{
            int Checker = 0;// a flag 

        while(rs.next())
        {
    String user = field_UserId.getText();//values coming from field
            String pass = field_Password.getText();
    String user1 = rs.getString("User");//values coming from database
            String pass1 = rs.getString("Pass");

                if( user.equals(user1)& pass.equals(pass1))
                {      
                    //if enters into loop user is valid
                    Checker=1;//setting flag to 1

                }


          }
          if(Checker == 0  )
          {     JOptionPane.showMessageDialog(null,"Check Id&Password");
                field_UserId.setText("");
                field_Password.setText("");
          }


          }


    catch(Exception ex_connection)
 {
        System.out.println(ex_connection);


}

            /*LOGIC ENDED   */
     }

**now the class connectme* *

    class Connectme
  {
String Name;
String Number;
ResultSet rs,r,rs1;
ResultSetMetaData md;
Statement st;
Statement st1;
int p=0;


Connectme()
{


try 
    {

        Class.forName("com.mysql.jdbc.Driver");
    Connection  con=  
          DriverManager.getConnection("jdbc:mysql://localhost:3306/Storage","root","");
        st= con.createStatement();  
        st1 = con.createStatement();

   }
catch(Exception ex_connection)
{
    System.out.println("damnnn");
    JOptionPane.showMessageDialog(null,"Check Database Connection");
}

}

void queryExecute(String insert)
{


try
{



        /*begin-to execute query ins database*/

            st.executeUpdate(insert);



        /*end-to enter values in database*/

}
catch(Exception ex_connection)
{
        System.out.println(ex_connection);


}
}


void Show(String table_name)
{

    try
{


    String insert = ("Select * from " + table_name + "");



        rs = st1.executeQuery(insert);
      md = rs.getMetaData();


}
    catch(Exception ex_connection)
{
        System.out.println(ex_connection);

        System.out.println("waah");


}

}


 void Show1(String insert1)
 { 

    try
 {



        rs1= st.executeQuery(insert1);
        /* while (rs1.next()) {
         System.out.print(rs1.getString("Price"));

         }*/


 md = rs1.getMetaData();


}
    catch(Exception ex_connection)
{
        System.out.println(ex_connection);




}

  }

 }
Solution to your problem
  String user=username_field.getText(); PreparedStatement ps = con.prepareStatement( "SELECT ID, username, password FROM person where username=user" ); 

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM