这是一个登录表单的代码,我使用JDBC连接代码没有错误但是当我运行它时总是转到else语句
Connection con;
Statement st;
ResultSet rs;
try{
Class.forName("java.sql.Driver");
con=DriverManager.getConnection ("jdbc:mysql://localhost/database","root","password");
st=con.createStatement();
rs=st.executeQuery("select * from users;");
while(rs.next()){
String userID=rs.getString("userID");
String password=rs.getString("password");
if(userID.equals(txtuserID.getText())
&& (password.equals(txtpassword.getPassword())) {
// ***HERE IS MY PROBLEM I WANT TO CHECK IF WHATS IN THE
// TEXT FIELD OR PASSWORD FIELD IS THE SAME FROM MySQL***
JOptionPane.showMessageDialog(null,"you have logged in");
new MainForm().setVisible(true);
} else {
JOptionPane.showMessageDialog(null,"Incorrect username and password");
}
}
} catch(Exception e) {
JOptionPane.showMessageDialog(null,"Error in Connectivity: " +e.getMessage());
}
答案 0 :(得分:4)
JPasswordField getPassword()方法返回char []。在比较之前转换为String :(实际上用这些chars构造一个新的String ...)
if(userID.equals(txtuserID.getText()) &&
(password.equals(new String((txtpassword.getPassword()))) {
}
答案 1 :(得分:0)
关于chenchuk的回答,将char数组保留为char数组并且不将它们转换为String可以更加安全,可以更容易地窃取它。
所以不要像在chenchuk的回答中那样将密码&#39的char []转换为String:
if(userID.equals(txtuserID.getText()) &&
(password.equals(new String((txtpassword.getPassword()))) {
}
使用java.util.Arrays.equals(...)方法更安全:
if(userID.equals(txtuserID.getText())
&& Arrays.equals(txtpassword.getPassword(), password.toCharArray())) {
// your code goes here
}