java 通过与数据库中的用户详细信息进行比较来进行用户登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11015023/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
User login by comparing with user details in database
提问by emrys
I would like to ensure that when a user enters username & password, authentication is done by checking if input matches some row in the user table. Here is the code so far: It allows only the first user in the database to login. Please suggest how I can set it right. Thanks
我想确保当用户输入用户名和密码时,通过检查输入是否与用户表中的某行匹配来完成身份验证。这是到目前为止的代码: 它只允许数据库中的第一个用户登录。请建议我如何正确设置。谢谢
private class thehandler implements ActionListener {
@Override
public void actionPerformed(ActionEvent ae) {
String namevalue = usertext.getText();
String pwdvalue = pwdtext.getText();
//read values from user table in sql database
try {
Class.forName("com.mysql.jdbc.Driver");
String conUrl = "jdbc:mysql://localhost/hall?" +
"user=root&password=blend";
Connection con = DriverManager.getConnection(conUrl);
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("SELECT * FROM user");
while(rs.next()) {
if(namevalue.equals(rs.getString("userName")) && pwdvalue.equals(rs.getString("password"))) {
JOptionPane.showMessageDialog(null, "You are logged in",
"Makhall login", JOptionPane.INFORMATION_MESSAGE);
//move on to homepage if user is valid
homePage home = new homePage();
home.setAlwaysOnTop(rootPaneCheckingEnabled);
}
else {
JOptionPane.showMessageDialog(null, "Incorrect username or password",
"Error", JOptionPane.ERROR_MESSAGE);
}
break;
}
}
catch (SQLException e) {
System.out.println("SQL Exception: "+ e.toString());
}
catch (ClassNotFoundException cE) {
System.out.println("Class Not Found Exception: "+ cE.toString());
}
}
}
回答by duffymo
Sorry, I think this is awful code. You have everything mingled together: UI, database connection, querying, etc. Java's an object-oriented language. One of the tenants of good object design is cohesion: have a class do one thing well.
抱歉,我认为这是糟糕的代码。您将所有内容混合在一起:UI、数据库连接、查询等。Java 是一种面向对象的语言。良好的对象设计的租户之一是凝聚力:让一个班级做好一件事。
Start by separating your database querying into a data access object. Get it working, test it, and let other clients simply use it. You'll build up your complex solution by letting simpler objects collaborate.
首先将您的数据库查询分离为一个数据访问对象。让它工作,测试它,然后让其他客户简单地使用它。您将通过让更简单的对象协作来构建复杂的解决方案。
Your immediate problem is that your SELECT needs a WHERE clause: WHERE username = ?.
你眼前的问题是,你需要选择一个WHERE子句:WHERE username = ?。
You only want to check the password for the user at hand.
您只想检查手头用户的密码。
That question mark is deliberate: use PreparedStatement, not Statement.
这个问号是故意的:使用 PreparedStatement,而不是 Statement。
回答by JB Nizet
You're selecting allthe users from the database. Don't ever do this. Instead, select the user which has the given login. If it exists, check the password. If it doesn't exist, then the login itself is incorrect.
您正在从数据库中选择所有用户。永远不要这样做。相反,选择具有给定登录名的用户。如果存在,请检查密码。如果它不存在,则登录本身不正确。
Also:
还:
- separate database access code from UI code. Those should be in separate classes.
- don't store plain text password in a database. Salt them, hash them, and to check a password, salt the password, hash it, and compare it to the salted-and-hashed password stored in the database.
- 将数据库访问代码与 UI 代码分开。那些应该在不同的类中。
- 不要将纯文本密码存储在数据库中。对它们加盐,对它们进行散列,然后检查密码,对密码加盐,散列,然后将其与存储在数据库中的加盐和散列密码进行比较。
回答by Priyadarshan Vijay
I also made the same program. See here:
我也做了同样的程序。看这里:
String m=jt1.getText();
String n= new String(jt2.getPassword());
try{
Connection con = DriverManager.getConnection("jdbc:mysql://localhost/darshanproject","root","");
Statement st = con.createStatement();
String q="select * from emp where UID='"+m+"'";
ResultSet rs=st.executeQuery(q);
rs.next();
String user, pass;
user =rs.getString("UID");
pass =rs.getString("password");
{ if(m.compareTo(user)==0)
if(n.compareTo(pass)==0)
System.out.println("login Success");
else
System.out.println("Wrong Password");
}
}catch(Exception ex){
System.out.println(ex);
}
