我正在尝试创建一个java程序来检查我的数据库的用户名和密码,目前代码抛出一个错误说明:
此行有多个标记
- 对于参数类型java.lang.String,java.lang.String
,运算符*未定义- 令牌上的语法错误"传递密码",*预期
这是代码:
public class Authenticate {
public static void AuthorizeUser(String passedusername, char[] passedpassword) {
DBConnector.Connect();
Statement stmt = null;
try {
if (passedusername != null && passedpassword !=null) {
String sql = "Select * from users_table Where username='" + passedusername + "' and password='"passedpassword "'";
ResultSet rs = stmt.executeQuery(sql);
if( rs.next()){
//in this case enter when at least one result comes it means user is valid
System.out.println("user valid");
} else {
//in this case enter when result size is zero it means user is invalid
System.out.println("User Fraudulent");
}
}
//You can also validate user by result size if its comes zero user is invalid else user is valid
} catch (SQLException err) {
System.out.println(err.getMessage());
}
DBConnector.Close();
}
}
我知道这可能是一个小而简单的错误,但我对JBDC和java来说相当新,我无法理解。
编辑:已解决的问题缺少两个+。在更正原始错误时,由于stmt为null,因此抛出NullPointerException错误。这将在稍后修复,因为我正在努力解决由于将stmt定义为:
而导致的错误Statement stmt = null;
conn = DBConnector.conn;
给出的错误是:
类型不匹配:无法从java.sql.Statement转换为com.mysql.jdbc.Statement
我也被告知我应该使用PreparedStatement来阻止sql注入
答案 0 :(得分:2)
请试试这个
您应该在passedpassword
'"+ +"'"
String sql = "Select * from users_table Where username='" + passedusername + "' and password='"+passedpassword+"'";