Username ,Password Validation
-
I want to validate Username and Password matching from my sql Database,but it didn't work.Even if the text fields are blank it does not give any error.
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");
while (rs.next())
{
String x = tf_Fname.getText();
String pass = new String(tf_Lname.getPassword());
if (x.equals(rs.getString("Username")))
{
if (pass.equals(rs.getString("Password")))
{
JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING_MESSAGE);
//System.out.println("Logged in!");
}
else
{
JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING_MESSAGE);
// System.out.println("Password did not match username!");
}
}
}}Try this
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");rs.last(); int rowcount = rs.getRow(); if(rowcount ==0){ JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING\_MESSAGE); } else{ JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING\_MESSAGE); }}
I Love T-SQL "VB.NET is developed with C#.NET" If my post helps you kindly save my time by voting my post.
-
Try this
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");rs.last(); int rowcount = rs.getRow(); if(rowcount ==0){ JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING\_MESSAGE); } else{ JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING\_MESSAGE); }}
I Love T-SQL "VB.NET is developed with C#.NET" If my post helps you kindly save my time by voting my post.
Blue_Boy wrote:
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf\_Fname+"' AND Password ='"+tf\_Lname+"'");It is really bad form to give sample code that can lead to SQL injection[^].
Use the best guess
-
Blue_Boy wrote:
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf\_Fname+"' AND Password ='"+tf\_Lname+"'");It is really bad form to give sample code that can lead to SQL injection[^].
Use the best guess
-
Try this
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");rs.last(); int rowcount = rs.getRow(); if(rowcount ==0){ JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING\_MESSAGE); } else{ JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING\_MESSAGE); }}
I Love T-SQL "VB.NET is developed with C#.NET" If my post helps you kindly save my time by voting my post.
-
I want to validate Username and Password matching from my sql Database,but it didn't work.Even if the text fields are blank it does not give any error.
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");
while (rs.next())
{
String x = tf_Fname.getText();
String pass = new String(tf_Lname.getPassword());
if (x.equals(rs.getString("Username")))
{
if (pass.equals(rs.getString("Password")))
{
JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING_MESSAGE);
//System.out.println("Logged in!");
}
else
{
JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING_MESSAGE);
// System.out.println("Password did not match username!");
}
}
}} -
I want to validate Username and Password matching from my sql Database,but it didn't work.Even if the text fields are blank it does not give any error.
private static void selectfromdb() throws SQLException
{
Statement stmt = Connectionstring().createStatement();
ResultSet rs = stmt.executeQuery("SELECT Username,Password FROM LoginDetails where Username='"+tf_Fname+"' AND Password ='"+tf_Lname+"'");
while (rs.next())
{
String x = tf_Fname.getText();
String pass = new String(tf_Lname.getPassword());
if (x.equals(rs.getString("Username")))
{
if (pass.equals(rs.getString("Password")))
{
JOptionPane.showMessageDialog(null,"Login Successful! ","Success",JOptionPane.WARNING_MESSAGE);
//System.out.println("Logged in!");
}
else
{
JOptionPane.showMessageDialog(null,"Login UNSuccessful! ","UNSuccessful",JOptionPane.WARNING_MESSAGE);
// System.out.println("Password did not match username!");
}
}
}} -
Use your debugger to step through the code and see what values your variables contain at each stage.
Use the best guess
-
The row count is 0 when I debug it....but I'm using the same username and password what's in the database,why is it not accepting it?
chdboy wrote:
The row count is 0 when I debug it....but I'm using the same username and password what's in the database,why is it not accepting it?
I have no idea since I have no access to your system. You need to investigate further to discover what is happening.
Use the best guess
-
So the code is telling you the values are not equal. Figure out what the values are and you will see the difference. Either a debugger or a print them out. But as a guess there is a case difference. The query doesn't care but the comparison does.
-
chdboy wrote:
The row count is 0 when I debug it....but I'm using the same username and password what's in the database,why is it not accepting it?
I have no idea since I have no access to your system. You need to investigate further to discover what is happening.
Use the best guess
Now I have changed the code
PreparedStatement preparedStatement = Connectionstring().prepareStatement(
"Select Username from dbo.LoginDetails where Username = ? and Password =?");
String User = tf_Fname.getText();
String _Pass = new String(tf_Lname.getPassword());
preparedStatement.setString(1, User);
preparedStatement.setString(2, _Pass);
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next())
{
System.out.println("Username is "+ resultSet.getString(1)+"Password is "+resultSet.getString(2));
}But now it's picking up the right Username from the table ,if I don't use
+"Password is "+resultSet.getString(2)
in the Print line,and if I use that I get an error
com.microsoft.sqlserver.jdbc.SQLServerException: The index 2 is out of range.
-
Now I have changed the code
PreparedStatement preparedStatement = Connectionstring().prepareStatement(
"Select Username from dbo.LoginDetails where Username = ? and Password =?");
String User = tf_Fname.getText();
String _Pass = new String(tf_Lname.getPassword());
preparedStatement.setString(1, User);
preparedStatement.setString(2, _Pass);
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next())
{
System.out.println("Username is "+ resultSet.getString(1)+"Password is "+resultSet.getString(2));
}But now it's picking up the right Username from the table ,if I don't use
+"Password is "+resultSet.getString(2)
in the Print line,and if I use that I get an error
com.microsoft.sqlserver.jdbc.SQLServerException: The index 2 is out of range.
-
I guess that you need to look more closely at the contents of your
ResultSetand its individual property items. Check with your debugger and also the documentation for the classes that you are working with.Use the best guess