参数索引超出范围（1>参数个数，为0） [英] Parameter index out of range(1> number of parameters, which is 0)

问题描述

参数索引超出范围（1>参数个数，为0）



我尝试过：



这是我的代码。表用户包含3行。有用户名和密码。它给我的错误如下：

Parameter index out of range(1> number of parameters,which is 0)

What I have tried:

This is my code.The table users contains 3 rows.having username and password.It is giving me the error as:

java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0). 

String DRIVER = "com.mysql.jdbc.Driver"; 
Class.forName(DRIVER).newInstance(); 
String url="jdbc:mysql://localhost:3306/regis?user=root&password=fraze"; 
Connection Conn = DriverManager.getConnection(url); 


String strSQL = "select username,password from users where username like '%s'; 

PreparedStatement statement = Conn.prepareStatement(strSQL); 
statement.setString(1, user); 
statement.setString(2, pass); 
ResultSet Rs= statement.executeQuery(strSQL); 

if(myRs.next()){ 
out.println("Login Succesful! A record with the given user name and password exists"); 
} else { 
out.println("Login Failed. No records exists with the given user name and password"); 
} 
statement.close();

我想要如果输入的用户名和密码是否正确，请与数据库进行核实。任何人都可以建议做出适当的更改。

I want to verify with the database if the username and password entered are correct or not. Could any one suggest as what would be appropriate changes that are to be made.

推荐答案

我昨天在你的问题中解释了你需要做什么，甚至给你链接到Select子句的文档。那你为什么现在这样做呢？您需要执行以下操作：

- 创建一个SELECT子句以在此用户标识的数据库中查找记录，而不是像此一样的用户标识，但只有这一个。

- 如果找到了用户标识，则创建密码的盐渍哈希（我昨天给你的链接）并将其与数据库中的密码进行比较。

- 如果这两个测试都成功，那么继续，你有一个有效的登录。



- 如果找不到用户标识，或者密码不匹配，则拒绝登录尝试。但是不要告诉用户密码错误，这会给黑客提供太多信息。

I explained what you need to do in your question yesterday, and even gave you the link to the documentation for the Select clause. So why are you now doing it another incorrect way? You need to do the following:
- Create a SELECT clause to find the record in the database for this userid, not userids that are like this one, but only this exact one.
- If the userid is found then create a salted hash of the password (link I gave you yesterday) and compare that with the one in the database.
- If both those tests succeed then continue, you have a valid login.

- If the userid is not found, or the passwords do not match then reject the login attempt. But do not tell the user that the password is wrong, that gives hackers too much information.

这篇关于参数索引超出范围（1>参数个数，为0）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！