密码成功更新但无法在登录表单中使用任何想法java?

时间:2016-11-27 16:21:13

标签: java database

更新按钮中的代码

    String password = new String(oldPass.getPassword());
    String newPassword = new String(newPass.getPassword());
    String realpass = zz.getText();
    String us = z.getText();

  if(password.equals(realpass))
            {
                System.out.println("ok");
           String query = "UPDATE user SET password = '"+newPassword+"' WHERE username = '"+us+"'";

           try{
 Statement st = (Statement) con.prepareStatement(query);
      int i = st.executeUpdate(query);
      if(i!=0){
          JOptionPane.showMessageDialog(null, "Your password is successfully changed!");
      }
      else{
       JOptionPane.showMessageDialog(null, "Ooopps! I guess you should call your programmer. ^^");
      }

  }catch(Exception e){
      System.out.println(e);
  }

}

登录时的代码

    Methods m = new Methods();
    String pass = new String (password.getPassword());
    String user = username.getText();



     if(m.logInUser(user, pass)==true){

form2 f = new form2();
f.setUser(user);
f.setPass(pass);
f.setVisible(true);

 this.dispose();
                }....and so on....

用户

中方法登录的代码 
   public boolean logInUser(String user, String pass){ //true = nakarecord na sa database login form
    try{

        String query = "Select * from user where username = ? && password = aes_encrypt('"+pass+"', 'nicanor')";
        PreparedStatement pst = (PreparedStatement) con.prepareStatement(query);
        pst.setString(1,user);
        ResultSet rs = pst.executeQuery();

        if(rs.next()){
            return true;
        }
        else{
            return false;
        }

    }
    catch(Exception e){
        System.out.println(e);
        return false;
    }
}//logInUser

它表示在sql中成功连接并且数据库已更新,但我无法看到输入更新密码后应弹出的下一个表单

1 个答案:

答案 0 :(得分:1)

您的代码几乎没有问题:

(1)在您的update()逻辑中,您正在使用PreparedStatementStatement的混合,而是始终使用PreparedStatement绑定输入参数,否则它们(语句/查询)容易发生SQL注入攻击

您可以使用内联注释引用以下代码,以使用PreparedStatement

绑定输入参数 
    //Write the SQL query with ? to bind the parameters in PreparedStatement
    String query = "UPDATE user SET password = ? WHERE username = ?";
    PreparedStatement pstmt = null;

    try{
      //create the PreparedStatement object
      pstmt = con.prepareStatement(query);

      //bind the input parameters using setString()
      pstmt.setString(1, newPassword);
      pstmt.setString(2, us);

      //execute the prepare statement now
      int i = pstmt.executeUpdate(query);

      if(i!=0){
          JOptionPane.showMessageDialog(null, "Your password 
                                      is successfully changed!");
      }
      else{
       JOptionPane.showMessageDialog(null, 
              "Ooopps! I guess you should call your programmer. ^^");
      }

  } catch(Exception e){
      System.out.println(e);
  } finally {
        if(pstmt != null)
              pstmt.close();
        if(con != null)
              con.close();
  }

此外,请记住,数据库资源成本很高,您需要close finally块中的资源,如上所示,否则您将最终导致资源泄漏。

(2)在您的logInUser()逻辑中,您正在使用&&这是不正确的,而在sql中你需要使用 AND 运算符,如下所示:

String query = "Select * from user where username = ? 
AND password = aes_encrypt('"+pass+"', 'nicanor')";
相关问题
最新问题