Question

我一直在做java项目。我遇到仪表板登录代码中的问题。我有以下登录代码。

String fieldtxtname=txtusername.getText();
String fieldtxtpw=txtpassword.getText();
String fieldtxtutype=txttypeof.getText();
try{

    Connection cnn=DriverManager.getConnection("jdbc:mysql://localhost/student","root","");
    Statement stm=cnn.createStatement();

    String sqlQuery="select username,password,typeof from tbl_user";

    ResultSet rs=stm.executeQuery(sqlQuery);

      while(rs.next()){
        String unamedb=rs.getString("username");
        String pworddb=rs.getString("password");
        String tofdb=rs.getString("typeof");
         if(fieldtxtname.equals ("")||fieldtxtpw.equals ("")||fieldtxtutype.equals ("")){
            System.out.println("The fields arenot filled properly");
            }
          else if(fieldtxtname.equals(unamedb)&&fieldtxtpw.equals(pworddb)&&fieldtxtutype.equals(tofdb)){
            System.out.println("Access granted");
            }
         else
            {
            System.out.println("Unknown username"); 
            }


      } 

}
catch(SQLException ex){
    System.out.println(ex);
}

代码工作正常，但是当授予访问权限时，它会打印为

 Access granted
    Unknown username
    Unknown username
    Unknown username
    Unknown username

类似的情况是字段为空，即它们打印五次，如下图所示。

The fields arenot filled properly
The fields arenot filled properly
The fields arenot filled properly
The fields arenot filled properly
The fields arenot filled properly

。我不知道问题的原因。请帮忙，我要提前多多感谢。

Answer 1

为什么不将where参数作为绑定变量添加到查询中的三个参数（fieldtxtname，fieldtxtpw，fieldtxtutype）！

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>       
    <script src="angular.min.js"></script>
      <script src="angular-route.js"></script>
    <title></title>
</head ng-app="myapp">
<body>
    <div>
        <a href="#/Home">Home</a>
        <a href="#/ThankYou">ThankYou</a>    
    </div>      
 <div ng-view></div>    
</body>
</html>

Answer 2

为您已发布的当前代码实现添加注释，以及如何在输出上多次克服打印。

ResultSet rs=stm.executeQuery(sqlQuery); // this is returning 5 elements

while(rs.next()) {
    String unamedb=rs.getString("username");
    String pworddb=rs.getString("password");
    String tofdb=rs.getString("typeof");
    if(fieldtxtname.equals ("")||fieldtxtpw.equals ("")||fieldtxtutype.equals ("")){
        System.out.println("The fields are not filled properly.");
        break;
// you might want to break the loop if the fields are empty in db
    } else if(fieldtxtname.equals(unamedb)&&fieldtxtpw.equals(pworddb)&&fieldtxtutype.equals(tofdb)) {
        System.out.println("Access granted");
        break;
// you might want to break the loop once the username, passwrod is found for access to be granted
    } else {
        System.out.println("Unknown username"); // just to display information
    }
}

PS - 理想情况下，对于用户名和密码的唯一组合，我希望它只返回1个元素。

编辑 - 要使用PreparedStatement在不使用循环的情况下解决上述问题，请查看answer from @Arvind

Answer 3

您必须在身份验证之前执行验证，即在连接到数据库之前检查用户是否填写了所有必填字段。

String fieldtxtname=txtusername.getText();
String fieldtxtpw=txtpassword.getText();
String fieldtxtutype=txttypeof.getText();
//validation
if(fieldtxtname.isEmpty()||fieldtxtpw.isEmpty()||fieldtxtutype.isEmpty()){
  System.err.println("All fields are mandatory !");
}else{
  //authentication
  try{
    Connection cnn=DriverManager.getConnection("jdbc:mysql://localhost/student","root","");

    //just get one row based user input, why to get same column values, when user is gonna give same input?
    String sqlQuery="select 1 from tbl_user where username=? and password=? and typeof=?";

    // Prefer `PreparedStatement` over `Statement`, when you have runtime values for sql queries, this for avoiding SQL injection
    PreparedStatement ps = cnn.prepareStatement(sqlQuery);
    ps.setString(1,fieldtxtname);
    ps.setString(2,fieldtxtpw);
    ps.setString(3,fieldtxtutype);
    ResultSet rs=ps.executeQuery();

    if(rs.next()){//no need of loop
        System.out.println("Access Granted ...");
    }else{
        System.err.println("Access Denied !");
    }

    rs.close();
    ps.close();
    cnn.close();
  }catch(SQLException e){
    e.printStackTrace(System.err);
  }
}

Answer 4

您需要在查询中使用where条件。它可以帮助您快速执行查询，比如没有条件。

String fieldtxtname=txtusername.getText();
String fieldtxtpw=txtpassword.getText();
String fieldtxtutype=txttypeof.getText();
    if(fieldtxtname.equals ("")||fieldtxtpw.equals ("")||fieldtxtutype.equals ("")){
        System.out.println("The fields are not filled properly");
    }else{
    try{
        Connection cnn=DriverManager.getConnection("jdbc:mysql://localhost/student","root","");
        Statement stm=cnn.createStatement();
        String sqlQuery="select username,password,typeof from tbl_user where username="+fieldtxtname+",password="+fieldtxtpw+",typeof="+fieldtxtutype;
        ResultSet rs=stm.executeQuery(sqlQuery);
        boolean flag=true;
        while(rs.next()){
            flag=false;
            System.out.println("Access granted");
        } 
        if(flag){
            System.out.println("Unknown username"); 
        }
    }
    catch(SQLException ex){
        System.out.println(ex);
    }
}

Java仪表板登录错误

4 个答案: