Few days ago i started developing an Android app which i decided to use JDBC for database connection (database is in cloud) and i know that using a php webservice is more secure. here is my problem :
until yesterday i was able to establish a connection and get query results and login to the app but somehow i am not able to do it now. I am using Google Cloud Sql for my database and everything looks fine , i can connect to my db through Mysql Workbench and do the same queries.
The funny thing is that when i try to login to the app with a wrong password i get the login failed error which means i get results from db but with the correct password i get nothing which is weird.
Can anyone guess what is possibly wrong?
Here is my database connection class
public class DBTransactions {
// JDBC driver name and database URL
static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";
static final String DB_URL = "jdbc:mysql://***:3306/";
// Database credentials
static final String DB_Name = "dbname";
static final String USER = "user";
static final String PASS = "pass";
public static Nurse NurseLogin(String username, String pass) {
Connection conn = null;
Statement stmt = null;
Nurse nurse= new Nurse();
try {//STEP 2: Register JDBC driver
Class.forName("com.mysql.jdbc.Driver");
//STEP 3: Open a connection
System.out.println("Connecting to database...");
conn = DriverManager.getConnection(DB_URL + DB_Name, USER, PASS);
//STEP 4: Execute a query
System.out.println("Creating statement...");
stmt = conn.createStatement();
String sql;
sql = "SELECT * FROM falldb.nurse WHERE username='" + username + "' AND pass='" + pass + "'";
ResultSet rs = stmt.executeQuery(sql);
System.out.println("Query!!");
//STEP 5: Extract data from result set
while (rs.next()) {
System.out.println("Data exist!!");
//Retrieve by column name
nurse.setID(rs.getInt("idNurse"));
nurse.setName(rs.getString("name"));
nurse.setSurname(rs.getString("surname"));
nurse.setUsername(rs.getString("username"));
nurse.setPass(rs.getString("pass"));
//Display values
System.out.print("ID: " + nurse.getID());
System.out.print(", First: " + nurse.getName());
System.out.println(", Last: " + nurse.getSurname());
System.out.println("Finished!!");
}
//STEP 6: Clean-up environment
rs.close();
stmt.close();
conn.close();
} catch (SQLException se) {//Handle errors for JDBC
se.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
} finally {
//finally block used to close resources
try {
if (stmt != null)
stmt.close();
} catch (SQLException se2) {
}
try {
if (conn != null)
conn.close();
} catch (SQLException se) {
se.printStackTrace();
}//end finally try
}//end try
return nurse;
}
}
and this is Login.class where i call DBTransactions.NurseLogin
public class Login extends Activity {
Button btnLogin;
EditText etUser;
EditText etPass;
TextView tvResult;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
btnLogin = (Button) findViewById(R.id.btnLogin);
btnLogin.setOnClickListener(clickLogin);
etUser = (EditText) findViewById(R.id.etUser);
etPass = (EditText) findViewById(R.id.etPass);
tvResult = (TextView) findViewById(R.id.tvResult);
}
public View.OnClickListener clickLogin = new View.OnClickListener() {
@Override
public void onClick(View v) {
final String u = etUser.getText().toString();
final String p = etPass.getText().toString();
new AsyncTask() {
@Override
protected Object doInBackground(Object[] params) {
return DBTransactions.NurseLogin(u, p);
}
@Override
protected void onPostExecute(Object o) {
Nurse nurse = (Nurse) o;
if (nurse.getName() != null) {
tvResult.setText("Welcome " + nurse.getName().toUpperCase());
Intent i = new Intent(Login.this, PatientOperations.class);
i.putExtra("objects.Nurse", nurse);
startActivity(i);
} else {
tvResult.setText("Login Failed");
}
}
}.execute();
}
};
}
After few days of trying and failing I finally found what was causing the problem. It seems that when selecting all the columns from db using SELECT * everything works fine. But when trying to use WHERE clause something goes wrong.
This works
sql = "SELECT * FROM falldb.nurse";
This doesn't
sql = "SELECT * FROM falldb.nurse WHERE username='" + username + "' AND pass='" + pass + "'";
solution is to use exact names of columns when using WHERE clause instead of using *. I changed my code to this:
sql = "SELECT idNurse,name,surname,isAdmin FROM falldb.nurse WHERE username='" + username + "' AND pass='" + pass + "'";
and now i get results.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.