我目前正在使用此代码进行注册:
value1 = registerEmail.getText().toString();
value2 = registerPassword.getText().toString();
value3 = registerName.getText().toString();
try{
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection(url, user, pass);
Statement st = con.createStatement();
Log.d("Connectc","executing check");
ResultSet res = st.executeQuery("SELECT * FROM user where email='"+value1+"'");
while (res.next()) {
userc = res.getString("email");
}
if (value1.equals(userc)) {
tv.setText("Email already in use!");
}
else{
Log.d("Connectc","registering");
st.executeUpdate("INSERT INTO user (email, password, name) VALUES('"+value1+"', '"+value2+"', '"+value3+"' )");
tv.setText("Data is successfully saved." );
Intent i = new Intent(getApplicationContext(),
LoginActivity.class);
startActivity(i);
finish();
Log.d("Connectl","pfffffffff");
}
是的,使用json会更好,但是我要使用这个...所以代码检查电子邮件是否存在,我还需要检查用户名是否存在,我该怎么办?我必须添加另一个SQL查询或者我可以编辑它以检查db上是否存在用户名? 感谢。
答案 0 :(得分:1)
如果存在电子邮件或用户名,这将返回行,以便您可以提示用户登录数据已存在:
ResultSet res = st.executeQuery(
"SELECT * FROM user
where email='"+value1+"'
OR username='"+ value3+"'");
答案 1 :(得分:1)
当您从用户那里获取输入时,您最好使用预准备语句。它不允许您插入任何SQL Injection
value1 = registerEmail.getText().toString();
value3 = registerName.getText().toString();
query = "SELECT * FROM user where email=? OR username=? ";
PreparedStatement st = con.prepareStatement(query); // con is active connection
st.setText(1,value1);
st.setText(2,value3);