我正在尝试使用MySQL验证用户名和密码。但它不起作用。我找不到问题所在。有人能帮我修一下吗?
private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {
String user = jTextField1.getText();
char[] pass = jPasswordField1.getPassword();
try
{
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost:3306/JEREN","root","");
Statement stat = con.createStatement();
String sql = "Select * from tbl_User Where username='" + user + "' and password='"+pass+"'";
rs = stat.executeQuery(sql);
while (rs.next())
{
if (user.equals(rs.getString("username")))
{
if (pass.equals(rs.getString("password")))
{
JOptionPane.showMessageDialog(null,"Login Successfully");
main.getWindows();
}
else
{
JOptionPane.showMessageDialog(null,"Incorrect Password");
}
else
{
JOptionPane.showMessageDialog(null,"Incorrect Login");
}
}
stat.close();
con.close();
}
catch (SQLException | HeadlessException e)
{
//e.printStackTrace();
JOptionPane.showMessageDialog(null,"PROBLEM OCCURED !!!! ");
}
catch (ClassNotFoundException ex) {
Logger.getLogger(Users.class.getName()).log(Level.SEVERE, null, ex);
}
// TODO add your handling code here:
}
实际上,我认为它不是用用户名和密码检查数据库中的条目。我说的对吗?
发布于 2013-12-31 19:05:51
首先,选择by username
,然后对用户输入的密码进行散列,检查它是否与数据库中的散列密码匹配。我建议使用SHA-2
之类的工具
我还建议您编写类来处理您的代码,即User
类。你也忘了关闭你的ResultSet
还有一件事,使用PreparedStatement
发布于 2013-12-31 19:08:17
您正在检查密码和用户名是否匹配2次。
String sql = "Select * from tbl_User Where username='" + user + "' and password='"+pass+"'";
在这里,您已经检查了密码和用户,首先应该检查密码是否未存储为MD5或任何其他散列类型
在那之后,你只需要检查它是否像@Prabhakaran那样返回任何行
发布于 2013-12-31 19:07:31
像这样做
Statement stat = con.createStatement();
user = user.toLowerCase();
pass = pass.toLowerCase();
String sql = "Select * from tbl_User Where LOWER(username)='" + user + "' and LOWER(password)='"+pass+"'";
rs = stat.executeQuery(sql);
if(rs.next())
{
JOptionPane.showMessageDialog(null,"Login Successfully");
main.getWindows();
}
else
{
JOptionPane.showMessageDialog(null,"Incorrect Login");
}
https://stackoverflow.com/questions/20856302
复制相似问题