Re: [Help] How to make getText() return the result in case sensitive?
On Mon, 29 Sep 2008, tobleron wrote:
> Hi, I have an SQL statement like this:
>
> "SELECT * FROM user WHERE userid = '"+ UserIDTxt.getText() +"' AND
> passwd = '"+ PasswdTxt.getText() +"'"

Firstly, don't do that. Use a PreparedStatement. It's cleaner, more
efficient, and most importantly, protects against SQL injection attacks
and bugs. You should basically never be constructing an SQL string in an
app, unless you have a very good reason indeed.
Like so:

    // do this in your setup code
    PreparedStatement passwordLookup = conn.prepareStatement("SELECT * FROM user WHERE userid = ? AND passwd = ?") ;

    // do this to look up the password
    // you MUST NOT let multiple threads execute this code at once: use a
    // synchronized block if that might happen
    passwordLookup.setString(1, UserIDTxt.getText()) ;
    passwordLookup.setString(2, PasswdTxt.getText()) ;
    ResultSet result = passwordLookup.executeQuery() ;

> and I have an if statement to make selection, whether the userID and
> password which are supplied in the form are equal to MySQL data or not.
> The data in MySQL are "test" for userID field and "myecg" for password
> field.
> When I fill the UserIDTxt with "Test" and passwd with "myecg", or with
> other configuration like "TEST" and "MyECG", the result in the if
> statement produces "OK" sign. But I want to make it case sensitive. Only
> "test" and "myecg" should produce "OK" sign. How to do it?

As far as I know, case sensitivity is database-specific. There will be
special commands in your database's dialect of SQL to control it.
However, what you can do in java is to look at the data returned. The
contents of the fields as given in the ResultSet should be the right case
- the case they're actually in in the database. That means you just have
to do a case-sensitive comparison in java. Here you go:
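
    import java.sql.Connection ;
    import java.sql.PreparedStatement ;
    import java.sql.ResultSet ;
    import java.sql.SQLException ;

    public class PasswordChecker {
        private PreparedStatement passwordLookup ;

        public PasswordChecker(Connection conn) throws SQLException {
            // name the columns so that indexes 1 and 2 below are well-defined
            passwordLookup = conn.prepareStatement("SELECT userid, passwd FROM user WHERE userid = ?") ;
        }

        // synchronized: the shared PreparedStatement must not be used by two threads at once
        public synchronized boolean checkPassword(String username, String password) throws SQLException {
            passwordLookup.setString(1, username) ;
            ResultSet results = passwordLookup.executeQuery() ;
            try {
                while (results.next()) {
                    String dbUsername = results.getString(1) ;
                    String dbPassword = results.getString(2) ;
                    // String.equals is case-sensitive, whatever the database's collation
                    if ((dbUsername.equals(username)) && (dbPassword.equals(password))) return true ;
                }
                return false ;
            } finally {
                results.close() ;
            }
        }
    }
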
tom
--
I am predictable. I worry about this, but then I think, "I am predictable
but right, so I don't care." -- coffeeandink
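
Added example, not part of the original post or either poster's code: the concatenated query from the question next to the two alternatives from the reply, run against an in-memory SQLite table. Assumptions: Python's sqlite3 stands in for MySQL/JDBC, COLLATE NOCASE reproduces the case-insensitive matching the question describes, and the function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample row from the thread: userid "test", passwd "myecg".
    # COLLATE NOCASE (assumption) mimics the case-insensitive matching reported.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (userid TEXT COLLATE NOCASE, "
                 "passwd TEXT COLLATE NOCASE)")
    conn.execute("INSERT INTO user VALUES (?, ?)", ("test", "myecg"))
    return conn

def login_concat(conn, userid, passwd):
    # 'Before' pattern from the question: input is spliced into the SQL text,
    # so quote characters in the input change the statement itself.
    sql = ("SELECT * FROM user WHERE userid = '" + userid +
           "' AND passwd = '" + passwd + "'")
    return conn.execute(sql).fetchone() is not None

def login_param(conn, userid, passwd):
    # Placeholders keep input as data. The comparison still happens in the
    # database, so it is still case-insensitive.
    row = conn.execute(
        "SELECT userid, passwd FROM user WHERE userid = ? AND passwd = ?",
        (userid, passwd)).fetchone()
    return row is not None

def login_exact(conn, userid, passwd):
    # Second approach from the reply: look up by userid only, then compare
    # the stored values exactly (case-sensitively) in application code.
    rows = conn.execute(
        "SELECT userid, passwd FROM user WHERE userid = ?", (userid,))
    for db_user, db_pass in rows:
        if db_user == userid and db_pass == passwd:
            return True
    return False

if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: right case, wrong case, and a quote-bearing value.
    cases = [("test", "myecg"), ("Test", "MyECG"), ("x", "' OR '1'='1")]
    for user, pw in cases:
        print(repr(user), repr(pw),
              "concat:", login_concat(conn, user, pw),
              "param:", login_param(conn, user, pw),
              "exact:", login_exact(conn, user, pw))
```

A userid containing an apostrophe, such as "o'brien", makes login_concat raise a syntax error, which is the "bugs" half of the reply's warning.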