[英]retrieving username and password in java from mysql
請幫助我想知道如何比較mysql數據庫中文本字段中用戶輸入的用戶名和密碼.....我正在使用netbeans IDE, 這是我的代碼:
String a,b;
a=txtusername.getText();
b=new String(txtpassword.getPassword());
try
{
Class.forName("java.sql.DriverManager");
Connection conn=(Connection) DriverManager.getConnection
("jdbc:mysql://localhost:3306/project","root","pizza123");
Statement stmt=(Statement) conn.createStatement();
String query1="select username from userdata where username='"+a+"';";
String query2="select password from userdata where password='"+b+"';";
ResultSet rs1=stmt.executeQuery(query1);
ResultSet rs2=stmt.executeQuery(query2);
if(a.equals(rs1.getString(query1)) || b.equals(rs2.getString(query2)))
{
close();
tickets x= new tickets();
x.setVisible(true);
}
else
{
JOptionPane.showMessageDialog(this,"Username or Password is incorrect");
}
}
catch(ClassNotFoundException | SQLException | HeadlessException e)
{
JOptionPane.showMessageDialog(this, e.getMessage());
}
}
發送查詢到數據庫
SELECT * FROM userdata WHERE username = @username, password = @password;
用戶參數,用於添加@username and @ password
的值,否則可以使用sql注入。 如果被感染的行> 0,那么您將成功登錄
語句rs1.getString(query1)和rs2.getString(query2)無法工作。 從結果集對象中,您可以使用列索引或列名稱檢索其當前行值。 在您的情況下,您可能已經編寫了rs1.getString(“ username”)或rs1.getString(1),因為在JDBC世界中,索引始於一個。
無論如何,更好的解決方案可能是
String a,b;
a = txtusername.getText();
b = new String(txtpassword.getPassword());
PreparedStatement statement = null;
Connection conn = null;
try {
Class.forName("java.sql.DriverManager");
Connection conn=(Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/project","root","pizza123");
String query = "select * from userdata where username = ? and password = ?";
statement = conn.prepareStatement(query);
statement.setString(1, a);
statement.setString(2, b);
ResultSet rs = statement.executeQuery();
//check if you have found a valid row
if(rs.next()) {
close();
tickets x= new tickets();
x.setVisible(true);
} else {
JOptionPane.showMessageDialog(this,"Username or Password is incorrect");
}
} catch(ClassNotFoundException | SQLException | HeadlessException e) {
JOptionPane.showMessageDialog(this, e.getMessage());
} finally {
try {
if(statement != null)
statement.close();
} catch (SQLException ex) {
ex.printStackTrace();
}
try {
if(conn != null)
conn.close();
} catch (SQLException ex) {
ex.printStackTrace();
}
}
}
此解決方案使用PreparedStatement防止SQLInjection攻擊。 確保使用finally塊釋放語句和連接。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.