如何从数据库中检索值并将其与字符串进行比较 [英] How to retrieve value from databases and compare it to string

问题描述

喜。我想创建登录页面，只有具有管理员角色的用户才能登录。这是我的数据库：



tb_users：

user_id（PK，string）

密码



tb_user_auth：

user_id（FK，字符串）

objects_id //包含用户角色（字符串）



问题是我似乎没有从objects_id中检索任何内容所以有这样的消息：检查你的密码和用户ID。你能告诉我我的代码有什么问题吗？



我试过的：



private void cmd_loginActionPerformed（java.awt.event.ActionEvent evt）{

try {

String sql =select * from tb_users where user_id =？and密码=？;

PST = conn.prepareStatement（sql）;

PST.setString（1，txt_userid.getText（））;

PST.setString（ 2，txt_pass.getText（））;

RS = PST.executeQuery（）;

RS.close（）;





String sql2 =select * from tb_userauth;

PST = conn.prepareStatement（sql2）;

//PST.setString（1，txt_userid.getText（））;

RS = PST.executeQuery（）;

// String objek_id = null;







if（RS.next（））{

String objek =admin;

String objek_id = RS.getString（objects_id）;



if（objek_id.equals（objek） ）$



JOptionPane.showMessageDialog（null，用户ID和密码正确）;

submenu1 sm1 = new submenu1（）;

sm1.setVisible（true）;

sm1.pack（）;

sm1.setLocationRelativeTo（null）;

sm1.setDefaultCloseOperation（JFrame.EXIT_ON_CLOSE）;

this.dispose（）;

} else {

JOptionPane.showMessageDialog（null，检查你的密码和用户ID）;

}}



} catch（例外e）{

JOptionPane.showMessageDialog（null，e）;

}





}

hi. i want to create login page that only user who had role as admin can login. here is my databases :

tb_users :
user_id (PK, string)
password

tb_user_auth :
user_id (FK,string)
objects_id // contain user's role(string)

the problem is it seems like i retrieve nothing from objects_id so there's message like this : "check your password and user id". would you kindly tell me what's wrong with my code?

What I have tried:

private void cmd_loginActionPerformed(java.awt.event.ActionEvent evt) {
try{
String sql = "select * from tb_users where user_id=? and password=?";
PST=conn.prepareStatement(sql);
PST.setString(1,txt_userid.getText());
PST.setString(2, txt_pass.getText());
RS=PST.executeQuery();
RS.close();


String sql2 = "select * from tb_userauth";
PST=conn.prepareStatement(sql2);
//PST.setString(1,txt_userid.getText());
RS=PST.executeQuery();
//String objek_id = null;



if(RS.next()){
String objek = "admin";
String objek_id = RS.getString("objects_id");

if (objek_id.equals(objek)){

JOptionPane.showMessageDialog(null,"user id and password correct");
submenu1 sm1 = new submenu1();
sm1.setVisible(true);
sm1.pack();
sm1.setLocationRelativeTo(null);
sm1.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
this.dispose();
}else{
JOptionPane.showMessageDialog(null,"check your password and user id ");
} }

}catch (Exception e){
JOptionPane.showMessageDialog(null,e);
}


}

推荐答案

显而易见的答案是：用户标识和密码不匹配，因此不返回任何内容。

使用调试器，单步执行代码并检查确切地说发生了什么，以及各种变量中的内容。



但请不要这样做：永远不要以明文形式存储密码 - 这是一个主要的安全措施风险。有关如何在此处执行此操作的信息：密码存储：如何做到这一点。 [ ^ ] - 它在C＃中，但代码非常明显。

The obvious answer is: the userid and password do not match, so nothing is returned.
Use the debugger, to single step through your code and check exactly what is happening, and what is in the various variables.

But please, don't do that: Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^] - it's in C#, but the code is pretty obvious.

这篇关于如何从数据库中检索值并将其与字符串进行比较的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！