sqlite登录问题

时间:2011-04-06 08:59:04

标签: iphone objective-c sqlite

朋友我真的如此坦白我应该怎么做。 这是我的代码。

@synthesize用户名,密码;    - (void)createDatabaseIfNeeded {

BOOL success;
NSError *error;

 //FileManager - Object allows easy access to the File System.
 NSFileManager *FileManager = [NSFileManager defaultManager];

 //Get the complete users document directory path.
 NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);

 //Get the first path in the array.
 NSString *documentsDirectory = [paths objectAtIndex:0];

    //Create the complete path to the database file.
    NSString *databasePath = [documentsDirectory stringByAppendingPathComponent:@"Journeymapper.sql"];

    //Check if the file exists or not.
    success = [FileManager fileExistsAtPath:databasePath];

    //If the database is present then quit.
    if(success) return;

    //the database does not exists, so we will copy it to the users document directory]
    NSString *dbPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"Journeymapper.sql"];

    //Copy the database file to the users document directory.
    success = [FileManager copyItemAtPath:dbPath toPath:databasePath error:&error];

    //If the above operation is not a success then display a message.
    //Error message can be seen in the debugger's console window.
    if(!success)
        NSAssert1(0, @"Failed to copy the database. Error: %@.", [error localizedDescription]);
}

-(void)check
{

    //Get the database and connect to it.

    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *documentsDirectory = [paths objectAtIndex:0];
    NSString *dbPath = [documentsDirectory stringByAppendingPathComponent:@"Journeymapper.sql"];



    //open the database
    if(sqlite3_open([dbPath UTF8String], &database) == SQLITE_OK)
    {
        //const char *sql ="select Username@'%@',Password@'%@' from userinformation";
        NSString *sql = [[NSString alloc] initWithFormat:@"select * from UserInformation where UserName='%@' and Password='%@' ",Username.text,Password.text];
        sqlite3_stmt *selectSatement;


        //Preoare the select Statment
        int returnValue = sqlite3_prepare_v2(database, [sql UTF8String], -1, &selectSatement, NULL);
        NSLog(@"%i",returnValue);
        if( sqlite3_prepare_v2(database, [sql UTF8String], -1, &selectSatement, NULL) == SQLITE_OK)
        {

            NSString *user1 = [NSString stringWithUTF8String:(char *)sqlite3_column_text(selectSatement, 0)];
            NSLog(@"%@",user1);
        }
    }
}

-(IBAction)Login
{
    [self check];
}

问题在于: - 我不确定为什么sqlite3_prepare_v2没有符合SQLITE_OK

if( sqlite3_prepare_v2(database, [sql UTF8String], -1, &selectSatement, NULL) == SQLITE_OK)

非常感谢任何帮助。

1 个答案:

答案 0 :(得分:0)

你为什么要两次准备声明?您应该使用sqlite3_step()来评估准备好的陈述。

另外,您的代码容易受SQL injection attacks攻击。您应该使用sqlite3_bind()将参数绑定到预准备语句,而不是将use和password字符串替换为select语句。

相关问题
最新问题