我已经用Java创建了一个SQL登录系统,但是想要什么以及只允许帐户类型为1的用户访问该程序。我写的查询不断出现错误。程序的安全性并不仅仅是课程学习的问题
public void login(){
try{
int a = 0;
int b =1;
String query ="select * from Users where Login = '"+
main_menu.login_text.getText()+"' and Password='"
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +1+
"'" ;
rs =st.executeQuery(query);
System.out.println("Records from Database");
if(rs.next()){
f=2;
query ="select * from Users where Login = '"+
main_menu.login_text.getText()+"' and Password='"
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +0+
"'" ;
rs =st.executeQuery(query);
System.out.println("Records from Database");
}
else if (rs.next()){
f=1;
}
else{
JOptionPane.showMessageDialog(null, "Incorrect Username
and Password...");
con.close();}
} catch(Exception ex){
System.out.println("Error"+ex);
}
答案 0 :(得分:0)
如@ luk2302所建议,您应该更改代码。有了这些代码,您就可以轻松地破坏您的安全性。
以下是如何使其变得更好的示例:
#include <stdio.h>
int main()
{
int c; // c declared as int
while ((c = getchar()) != EOF && c != '\n'))
{
putchar(c);
}
if (c == EOF)
{
// handle errors and end of file as you see fit
}
}
现在,您只需获取刚刚恢复的数据即可获取有关用户的信息。如果未提供任何resul设置,则登录将失败。