我最初使用下面的代码来验证一个有效的用户登录
public static boolean validate(String name, String password) {
boolean status = false;
try {
Connection con = DB.getConnection();
String select = "select * from Librarian where UserName= '" + name + "' and Password='"+ password +"'";
Statement selectStatement = con.createStatement();
ResultSet rs = selectStatement.executeQuery(select);
status = rs.next();
con.close();
} catch (Exception e) {
System.out.println(e);
}
return status;
}
我看到使用预处理语句更好,上面的语句容易受到SQL注入的攻击。下面是我的代码我试图使用
public static boolean validate(String name, String password) {
boolean status = false;
try {
Connection con = DB.getConnection();
PreparedStatement ps = con.prepareStatement("select * from Librarian where UserName= ? and password = ?");
ps.setString(1, name);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();
con.close();
} catch (Exception e) {
System.out.println(e);
}
return status;
}
这不是验证用户,我无法访问应用程序。如有任何帮助,我将不胜感激。
您错过了status = rs.next();
public static boolean validate(String name, String password) {
boolean status = false;
try {
Connection con = DB.getConnection();
PreparedStatement ps = con.prepareStatement("select * from Librarian where UserName= ? and password = ?");
ps.setString(1, name);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();
status = rs.next();
con.close();
} catch (Exception e) {
System.out.println(e);
}
return status;
}