在准备好的Statement中使用Insert并在匹配结果时检索以前的数据时重复输入

时间:2014-07-20 04:02:28

标签: java jdbc insert duplicates prepared-statement

public int addUsers(int USER_ID,String FIRST_NAME,String LAST_NAME,String PASSWORD,String             USERNAME,String USER_PERMISSION) throws SQLException {

    Connection  conn = null;

    conn = getConnectivity(conn) ;

    getConnectivity(conn);

    String sqlSelect = "SELECT * from USER_DETAILS";
    PreparedStatement pres = conn.prepareStatement(sqlSelect);
    ResultSet rs1 = pres.executeQuery(); 

        if(rs1.next()){
            String Username =   rs1.getString(5);


            System.out.println("username found "+Username);


            System.out.println("username input " + USERNAME);
            System.out.println("password input " + PASSWORD);
            if (Username.equals(USERNAME)){

                System.out.println("Username already exists");
                conn.close();
            }
            else{
                System.out.println("FOUND ELSE");
                String sql = "INSERT INTO USER_DETAILS VALUES (?,?,?,?,?,?)";
                PreparedStatement ps = conn.prepareStatement(sql);
                ps.setInt(1, USER_ID);
                ps.setString(2, FIRST_NAME);
                ps.setString(3,LAST_NAME);
                ps.setString(4,PASSWORD);
                ps.setString(5,USERNAME);
                ps.setString(6,USER_PERMISSION);
                int result = ps.executeUpdate();

                System.out.println(result);

            }

        }

    conn.close();

    return USER_ID;
}

和登录我正在使用

public boolean login(String USERNAME, String PASSWORD) throws SQLException
{
    boolean result = false;
    Connection  conn = null;

    conn = getConnectivity(conn) ;


    String sqlSelect = "SELECT * from USER_DETAILS";
    PreparedStatement pres = conn.prepareStatement(sqlSelect);
    ResultSet rs1 = pres.executeQuery(); 

    if(rs1.next()){
        String Username =   rs1.getString(5);
        String Password =   rs1.getString(4);
        String UserPermission = rs1.getString(6);

        System.out.println("username found "+Username);


        System.out.println("username input " + USERNAME);
        System.out.println("password input " + PASSWORD);

        if (Username.equalsIgnoreCase(USERNAME) && Password.equalsIgnoreCase(PASSWORD) &&     UserPermission.equalsIgnoreCase("blocked")){

            System.out.println("User Logged in");
            conn.close();
        }
        System.out.println("gets out of the code");

    }
    conn.close();
    return result;
}

首先它允许输入多个条目,因此无论我的if语句如何都会发生重复,当我添加新的新数据并尝试查看我可以登录时,它仍会与之前添加的数据进行比较,并且不行。谁能看到我在这里做错了什么。拜托,谢谢

下面是我得到的系统打印,

Connection Valid
username found kamran    (don't know why he is still picking up this column)
username input macbook   (these i have already in my database)
password input hello     (these i have already in my database)
gets out of the code   

Connection Valid
Connection Valid

username found kamran   (don't know why he is still picking up this column)
username input macho    (these i have already in my database)
password input hello    (these i have already in my database)
FOUND ELSE              (dont know why it adds data when they already exist in database)
1

1 个答案:

答案 0 :(得分:0)

您的代码没有意义:您正在查询所有用户,并且只检查第一个返回的用户是否匹配。当然,如果第一个返回的用户不匹配,那将会失败:在addUsers中,如果返回的第一个用户不匹配,您将尝试添加用户,在login中,用户只能如果是第一个用户,请登录。

您需要使用WHERE子句仅请求您要检查的用户:

// Note: this assumes a case insensitive collation
String sqlSelect = "SELECT * from USER_DETAILS WHERE username = ?";
try (PreparedStatement pres = conn.prepareStatement(sqlSelect)) {
    pres.setString(1, USERNAME);
    try (ResultSet rs1 = pres.executeQuery()) {
        if (!rs1.next) {
            // user doesn't exist yet, create...
        }
    }
}

您需要为login执行类似操作(但随后使用if (rs1.next()))。

您当前的代码存在更多问题:您正在存储明文密码:您应该使用像PBKDF2这样的强密码哈希来对它们进行哈希处理。另请遵循java命名约定。变量和参数是camelcase所以不是USERNAME而是username(或userName),而不是UserPermission,而是userPermission。这提高了习惯于java命名约定的人的可读性。