從數據庫驗證用戶身份

Question

請幫我解決這個程序中的錯誤。問題是，即使我使用正確的用戶名和密碼，我也無法創建經過驗證的登錄名。

public class LoginDao { 
public static boolean CheckUser(String Username,String Password) 
{ 
    boolean st =false; 
    String dbUsername, dbPassword; 

    try{ 


    Class.forName("com.mysql.jdbc.Driver"); 


    Connection con=DBConnection.getConnection(); 

     String qry ="select *user where Username=? and Password=?"; 
     PreparedStatement pst = con.prepareStatement(qry); 
    //pst.setString(1, Username); 
    //pst.setString(2, Password); 
    pst.executeQuery(qry); 



     ResultSet rs = pst.getResultSet(); 

     while(rs.next()){ 
      dbUsername = rs.getString("Username"); 
      dbPassword = rs.getString("Password"); 

      if(dbUsername.equals(Username) && dbPassword.equals(Password)){ 
       System.out.println("Welcome"); 
       st = true; 
      } 

     } 
    } 

    catch(Exception e) 
    { 
     e.printStackTrace(); 
    } 



return st; 

} 
} 

Answer 1

檢查您的SQL查詢？您在*和user之前缺少FROM。您還需要在使用PreparedStatement時設置參數，將它們註釋掉。

UPDATE

試試這個：

public class LoginDao { 
    public static boolean CheckUser(final String username, final String password) { 
    final String qry ="SELECT * FROM user WHERE Username=? AND Password=?"; 
    Connection con = null; 
    PreparedStatement pst; 
    ResultSet rs = null; 

    try { 
     Class.forName("com.mysql.jdbc.Driver"); 
     con = DBConnection.getConnection(); 
     pst = con.prepareStatement(qry); 
     pst.setString(1, username); 
     pst.setString(2, password); 
     pst.executeQuery(qry); 
     rs = pst.getResultSet(); 
     // Notice I changed the 'while' by 'if' 
     if (rs.next()) { 
     return (username.equals(rs.getString("Username")) && password.equals(rs.getString("Password"))); 
     } 
    } catch (final Exception e) { 
     e.printStackTrace(); 
    } finally { 
     // close/release (database resources) 'con', 'pst', 'rs' here 
    } 
    return false; 
    } 
}