0

I am currently working on a simple JDBC project and I am stuck at the login form 

 private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {                                         
    try
{
    Class.forName("com.mysql.jdbc.Driver");
    con=DriverManager.getConnection("jdbc:mysql://localhost/company","root","redhat");
    stmt=con.createStatement(); 
    String nm=jTextField1.getText();
    char[] pass=jPasswordField1.getPassword();
    String pw=Arrays.toString(pass);
    String sql="select * from login where uname='"+nm+"' and pass='"+pw+"'";
    rs=stmt.executeQuery(sql);
    if(rs.next())
     {
      new MainPage().setVisible(true);
      this.setVisible(false);
     }
    else
     {
      JOptionPane.showMessageDialog(this, "Wrong User name or password");
      jTextField1.setText("");
      jPasswordField1.setText("");

     }
}
catch(Exception e)
{
  System.out.println(e);
}
}              `

When this button is clicked a new page that I have created is to be shown ,but it shows "Wrong User name or password" message dialog. What are my mistakes? My database is in mysql.

Improve this question
3
  • try to print both values nm+" and "+pw and you will see the difference Commented Dec 12, 2016 at 8:58
  • build up your string using String.format Commented Dec 12, 2016 at 9:19
  • Your connection string is missing the port number though. Commented Dec 12, 2016 at 10:16

4 Answers 4

Reset to default
3

Error 1: Arrays.toString(char[]) will return an array representation, e.g. if the password in jPasswordField1 is password, the result is this string: [p, a, s, s, w, o, r, d]

Fix 1: Use new String(char[]) instead.

Error 2: Using string concatenation to build a SQL statement. This will make your code susceptible to SQL Injection attacks, where hackers can steal your data and delete your tables.

Fix 2: Use a PreparedStatement.

Error 3: Not releasing resources. This will lead to memory leaks.

Fix 3: Use try-with-resources.

Result:

private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {                                         
    try {
        boolean loginOk;
        Class.forName("com.mysql.jdbc.Driver");
        try (Connection con = DriverManager.getConnection("jdbc:mysql://localhost/company","root","redhat")) {
            String sql = "select * from login where uname=? and pass=?";
            try (PreparedStatement stmt = con.prepareStatement(sql)) {
                stmt.setString(1, jTextField1.getText());
                stmt.setString(2, new String(jPasswordField1.getPassword()));
                try (ResultSet rs = stmt.executeQuery(sql)) {
                    loginOk = rs.next();
                }
            }
        }
        if (loginOk) {
            new MainPage().setVisible(true);
            this.setVisible(false);
        } else {
            JOptionPane.showMessageDialog(this, "Wrong User name or password");
            jTextField1.setText("");
            jPasswordField1.setText("");
        }
    } catch(Exception e) {
        System.out.println(e);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Arrays.ToString Returns a string representation of the contents of the specified array. The string representation consists of a list of the array's elements.

In your case Instead of 

String pw = Arrays.toString(pass);

You should be using to get the password in String representation.

String pw = String.copyValueOf(pass);
Improve this answer

Comments

0

That would seem to indicate that your query returns an empty result set. What happens if you run it against the DB directly?

Also, Arrays.toString(...) will give you a String representation of the array. You probably want the contents of the array in a String - there's a difference. Try using new String(pass) instead.

Improve this answer

Comments

0

I think "Wrong User name or password" means rs is null or rs'size is 0. You should check the name and password.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.