我已经在Java中创建一个SQL登录系统,但想什么,只让人们与帐户类型1访问程序。我写的查询保持上来的错误。该方案的安全不是一个问题,因为它只是FOR课程
public void login(){
try{
int a = 0;
int b =1;
String query ="select * from Users where Login = '"+
main_menu.login_text.getText()+"' and Password='"
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +1+
"'" ;
rs =st.executeQuery(query);
System.out.println("Records from Database");
if(rs.next()){
f=2;
query ="select * from Users where Login = '"+
main_menu.login_text.getText()+"' and Password='"
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +0+
"'" ;
rs =st.executeQuery(query);
System.out.println("Records from Database");
}
else if (rs.next()){
f=1;
}
else{
JOptionPane.showMessageDialog(null, "Incorrect Username
and Password...");
con.close();}
} catch(Exception ex){
System.out.println("Error"+ex);
}
正如@ luk2302建议,你应该改变你的代码。与该代码,您能够轻易的破坏你的安全。
下面是如何使它更好的例子:
PreparedStatement pst = null;
String sql = "SELECT * FROM login where username=? and password=?";
pst = con.prepareStatement(sql);
pst.setString(1,user);
pst.setString(2,pass);
ResultSet rs = pst.executeQuery();
现在,你可以得到你刚刚恢复,以获取有关用户的信息数据。如果没有resul集给出,登录就会失败。