-1 
billing.java

这是计费类,我已经完成了系统登录的编码,它在框架中完美运行,但是我输入了用户名和密码,访问数据库未被检测到。

公共类计费{

    Connection con;
    Statement st;
    ResultSet rs; 

    JFrame f = new JFrame ("User Login");
    JLabel l = new JLabel ("Username:");
    JLabel l1 = new JLabel ("Password:");
    JTextField t = new JTextField(10);
    JTextField t1 = new JTextField(10);
    JButton b = new JButton("Login");


    public billing()
    {
        connect();
        frame();
    }   

    public void connect()
    {

        try{


        String driver = "sun.jdbc.odbc.JdbcOdbc.Driver";
        Class.forName(driver);

        String db = "jdbc:odbc:dbB";
        con = DriverManager.getConnection(db) ;
        st = con.createStatement();
        }
        catch(Exception ex)
        {

        }
    }

    public void frame()
    {
    f.setSize (600,400);
    f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
    f.setVisible(true);

    JPanel p = new JPanel();
    p.add(l);
    p.add(t);
    p.add(l1);
    p.add(t1);
    p.add(b);

    f.add(p);


    b.addActionListener(new ActionListener(){

        public void actionPerformed(ActionEvent e)
        {
        try
            {
        String user = t.getText().trim();
        String pass = t1.getText().trim();

        String sql ="select user,pass from Table2 where username ='"+user+" ' and password =' "+pass+" ' ";  // sql code
        rs = st.executeQuery(sql);


        }

        abstract 
        int count = 0;
        while(rs.next())

        {
        count = count +1;
        } 

        if (count == 1) 
        {
        JOptionPane.showMessageDialog(null, "Successfully Login");
        }
        else if (count > 1)
        {
        JOptionPane.showMessageDialog(null, "Duplicate Account, Access Denied");
        }
        else 
        {
        JOptionPane.showMessageDialog(null, "User Not Found");
        }


        }
        catch (Exception ex)
        {

     }

    }
});

} 

public static void main (String[] args){

        new billing();
}

}

请帮助...这很令人困惑,我不知道我哪里出错了..

4

1 回答 1

0

您在用户名和密码字段周围有额外的空格

String sql = "select user,pass from Table2 where username ='" + user + " ' and password =' " + pass + " ' "; // sql

用。。。来代替

String sql = "select user,pass from Table2 where username ='" + user + "' and password ='" + pass + "'";

也就是说,看看使用 aPreparedStatement来防止SQL 注入攻击

于 2013-09-24T00:15:58.190 回答