0

我正在开发一个创建登录页面的项目。为此,我使用数据库来存储用户信息。截至目前,我的数据库中有四列:用户名、密码、电子邮件和管理员。

现在我在使用准备好的语句/结果集格式访问该数据库时遇到问题。现在我到了第三次返回,打印出推算的用户名和密码,然后生成一个错误。我是否错误地格式化了我准备好的语句?

好的,根据以前的答案,我已经更正了大部分代码(谢谢),现在当我尝试打印结果集时出现此错误:

java.sql.SQLException:列索引超出范围,2 > 1。

有任何想法吗?

我的代码:

    Properties props = new Properties();
    props.setProperty("user", "root");
    props.setProperty("password", "root");
    props.setProperty("databaseName", "dbname");

    String ret = ERROR;
    Connection myCon = null;
    try{
        System.out.println("got here 1!");
        Class.forName ("com.mysql.jdbc.Driver").newInstance();

        System.out.println("got here 2!");
        myCon = DriverManager.getConnection("jdbc:mysql://ipaddresshere:3306/dbname",props);

        System.out.println("got here 3!");
        System.out.println(username);
        System.out.println(password);
        String dbQuery = "SELECT count(*) FROM loginTestTable where username = "+username+" AND password = "+password+"";

        //PreparedStatement prep = myCon.prepareStatement(dbQuery);" 
        PreparedStatement ps = myCon.prepareStatement(dbQuery);

        ps.setString(1, username);
        ps.setString(2, password);

        ResultSet result = ps.executeQuery();
        System.out.println("got here 4!");

        while (result.next()) {
            System.out.println("got here 5!");
            ret = SUCCESS;
            System.out.println("username: "+result.getString(1)+" password: "+result.getString(2)+" email: "+result.getString(3));
            if(result.getString(4).toLowerCase()=="YES"){
                ret = "admin";
            }
        }
    }catch(Exception e){
        System.out.println("arg there be an error me matey!");
        ret = ERROR; 
    }finally{
        if(myCon!=null){
            try{
                myCon.close();
            }catch (Exception e){

            }
        }
    }
    return ret;
4

2 回答 2

1

换行:

String dbQuery = "SELECT count(*) FROM loginTestTable where username = "+username+" AND password = "+password+"";

经过:

String dbQuery = "SELECT count(*) FROM loginTestTable where username = ? AND password = ?";
于 2013-08-06T16:21:16.943 回答
1

您的代码存在多个问题:

首先,您缺少usernamepassword周围的引号。

String dbQuery = "SELECT count(*) FROM loginTestTable " +
                 "where username = '"+username+"' AND password = '"+password+"'";

其次,PreparedStatement#setString()除非您使用占位符定义查询,否则这些方法?无效

String dbQuery = "SELECT count(*) FROM loginTestTable " +
                 "where username = ? AND password = ?";

第三,您绝不能将字符串与相等==运算符进行比较。String.equals()用作_

// also note you need toUpperCase() here
"YES".equals(result.getString(4).toUpperCase());
于 2013-08-06T16:20:45.477 回答