Re: How to make getText() return the result in case sensitive ?
On Sep 30, 10:28 pm, Stefan Rybacki <noem...@noemail.foobar> wrote:
tobleron schrieb:
On Sep 30, 7:54 pm, Roland de Ruiter
<roland.de.rui...@example.invalid> wrote:
On 30-9-2008 9:16, Stefan Rybacki wrote:
Tom Anderson schrieb:
On Mon, 29 Sep 2008, tobleron wrote:
...
As far as i know, case sensitivity is database-specific. There will =
be
special commands in your database's dialect of SQL to control it.
If I remember correct for MySQL it was the BINARY keyword.
Exactly:
SELECT "abc" = "ABC"
-> 1
SELECT "abc" = BINARY "ABC"
-> 0
Other than that I agree with the "use prepared statements" as well as
"don't store your password in plain text" comments.
Stefan
I agree.
--
Regards,
Roland
Hi, I've tried to follow all of your suggestion, but my program always
result to the else statements of the if selection, whatever values
that inputted through the form. Here is my code :
@Action public void dologin() {
String url = "jdbc:mysql://localhost:3306/dicom?
jdbcCompliantTruncation=false";
Connection con;
PreparedStatement passwordLookup ;
try {
Class.forName("com.mysql.jdbc.Driver");
} catch(java.lang.ClassNotFoundException e) {
System.err.println(e);
}
try {
con = DriverManager.getConnection(url, "root"=
, "");
String sql = "SELECT * FROM user WHERE userid=
= '"+
UserIDTxt.getText() +"' AND passwd = '"+ PasswdTxt.getSelectedText()
+"'";
You are not using the prepared statement properly.
This way it is no use at all. Try to build your sql statement like this:
String sql="SELECT * FROM user WHERE userid = ? AND passwd = ?";
Also add the BINARY keyword as suggested, this way you don't need the wor=
karound.
String sql="SELECT * FROM user WHERE userid = BINARY ? AND passwd ==
?";
passwordLookup = con.prepareStatement(sql);
here you replace the question marks with the actual values
passwordLookup.setString(1, UserIDTxt.getText());
passwordLookup.setString(2, PasswordTxt.getText());
I just saw you are not following the naming conventions. Variable names s=
hould
start with a lower character therefore userIDTxt and passwordTxt in your =
case.
ResultSet result = passwordLookup.executeQuer=
y();
...
Hope that helps
Stefan
Hi, I already changed the code into this :
@Action public void dologin() {
String url = "jdbc:mysql://localhost:3306/dicom?
jdbcCompliantTruncation=false";
Connection con;
PreparedStatement passwordLookup ;
try {
Class.forName("com.mysql.jdbc.Driver");
} catch(java.lang.ClassNotFoundException e) {
System.err.println(e);
}
try {
con = DriverManager.getConnection(url, "root", "");
String sql = "SELECT * FROM user WHERE userid = BINARY ?
AND passwd = ?";
passwordLookup = con.prepareStatement(sql);
passwordLookup.setString(1, UserIDTxt.getText());
passwordLookup.setString(2, PasswdTxt.getSelectedText());
ResultSet result = passwordLookup.executeQuery();
if (result.first()) {
String dbUsername = result.getString(1) ;
String dbPassword = result.getString(2) ;
if ((dbUsername.equals(UserIDTxt.getText())) &&
(dbPassword.equals(PasswdTxt.getSelectedText()))){
setVisible(false);
if (ECGMenuBox == null) {
JFrame mainFrame =
Main.getApplication().getMainFrame();
ECGMenuBox = new ECGMenu(mainFrame);
ECGMenuBox.setLocationRelativeTo(mainFrame);
}
Main.getApplication().show(ECGMenuBox);
}
else {
setVisible(false);
if (LoginWarningBox == null) {
JFrame mainFrame =
Main.getApplication().getMainFrame();
LoginWarningBox = new
LoginWarning(mainFrame);
LoginWarningBox.setLocationRelativeTo(mainFrame);
}
Main.getApplication().show(LoginWarningBox);
}
}
else {
setVisible(false);
if (LoginWarningBox == null) {
JFrame mainFrame =
Main.getApplication().getMainFrame();
LoginWarningBox = new
LoginWarning(mainFrame);
LoginWarningBox.setLocationRelativeTo(mainFrame);
}
Main.getApplication().show(LoginWarningBox);
}
result.close();
con.close();
} catch(SQLException e) {
System.err.println(e);
}
}
But it still produce result in the else statements, whatever values
were given (even when I left them blank). BTW, UserIDTxt and PasswdTxt
are swing components. Shoul I change it into userIDTxt and passwdTxt ?