views: 70
answers: 2
Hi, I use this method in my database class, which checks the password and yahooId; if they are correct it allows the user to go to the next frame. I have added a lot of yahooIds and passwords in my SQL, but this method just checks the last row and allows the last person to go to the next frame. Would you please help me? Thanks.

    import java.sql.Connection;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Statement;
    import java.util.logging.Level;
    import java.util.logging.Logger;

    // conn is the open java.sql.Connection held by the Manager class
    public static boolean Test(String userName, String password) {
        boolean bool = false;
        Statement stmt = null;
        ResultSet rst = null;
        try {
            stmt = conn.createStatement();
            // fetches every row of the table and compares each one in Java
            rst = stmt.executeQuery("SELECT yahooId , password FROM clienttable");

            while (rst.next()) {
                if (rst.getString(1).equals(userName) && rst.getString(2).equals(password)) {
                    bool = true;
                    break;
                }
            }
        } catch (SQLException ex) {
            Logger.getLogger(Manager.class.getName()).log(Level.SEVERE, null, ex);
        } finally {
            // release the cursor and statement whether or not a match was found
            try { if (rst != null) rst.close(); } catch (SQLException ignore) { }
            try { if (stmt != null) stmt.close(); } catch (SQLException ignore) { }
        }
        System.out.println(bool);
        return bool;
    }
+7  A: 

Don't select all the rows when you're interested in just one of them. Use a WHERE clause, which is its raison d'être:

SELECT yahooId , password FROM clienttable WHERE yahooId=? AND password=?

If the result set is empty, authentication fails. If there's a single result, authentication succeeds. If there's more than one result, your dataset is munged (a UNIQUE index on yahooID is the proper way of preventing this).

The question marks, by the way, come from using prepared statements, if you haven't seen them before.

outis
+1 for emphasizing that more. She was already told that in one of her previous topics. It's also *much more* memory efficient. You really don't want to copy the entire DB into Java's memory if you're interested in only one row.
BalusC
The behaviour may differ between SQL and Java if the username and password are supposed to be case sensitive. You need to ensure that the password and yahooId columns in the database have the correct collation.
pjp
+1 :D I was looking at the SQL in the question and saying something is missing; it shouldn't be this way.
medopal
A: 

The problem is you're reading in the whole clienttable just to find a match for a specific user.

Instead, be VERY specific with your query to only look for a specific record that matches:

SELECT yahooId, password FROM clienttable WHERE yahooid = 'UserName'

If that query returns a record, then you know the user exists. You can then check the password matches what is supplied to your method (I'm hoping you're not storing the password in plain text...).

This approach also enables you, if you want to in the future, to keep track of unsuccessful logon attempts on a user's account, and it is much, much more performant/scalable than looping round every record to find one match.

AdaTheDev
Also, one should prefer `PreparedStatement` to `Statement`.
trashgod
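The two answers above describe two shapes of the same fix: outis lets the database do the exact match on both columns, AdaTheDev looks the user up by yahooId and checks the password in Java. The following is an added example that is not code from the question or from either answer; it implements both shapes with a `PreparedStatement` (as trashgod suggests), using the `clienttable`, `yahooId` and `password` names from the question, and assumes the caller passes in an already-open `java.sql.Connection`. The class name `LoginCheck` and the method names are my own. It also handles the "more than one row" case outis mentions and, in the Java-side variant, sidesteps the collation question raised in the comments by comparing the bytes in Java.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example; assumes a table clienttable(yahooId, password) as in the
// question and an open Connection supplied by the caller (hypothetical wiring).
public class LoginCheck {

    /** outis's shape: the database performs the exact match on both columns. */
    public static boolean matchInSql(Connection conn, String userName, String password)
            throws SQLException {
        String sql = "SELECT yahooId, password FROM clienttable WHERE yahooId = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userName);   // bound as data, never spliced into the SQL text
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                int rows = 0;
                // count at most two rows: we only need to know 0, 1, or "more than 1"
                while (rows < 2 && rs.next()) {
                    rows++;
                }
                if (rows > 1) {
                    // duplicate yahooId: the table should carry a UNIQUE index on yahooId
                    throw new IllegalStateException("duplicate rows for yahooId " + userName);
                }
                return rows == 1;
            }
        }
    }

    /** AdaTheDev's shape: fetch the user's row only, then verify the password in Java. */
    public static boolean matchInJava(Connection conn, String userName, String password)
            throws SQLException {
        String sql = "SELECT password FROM clienttable WHERE yahooId = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false;            // unknown user: no row at all
                }
                String stored = rs.getString(1);
                if (rs.next()) {
                    throw new IllegalStateException("duplicate rows for yahooId " + userName);
                }
                if (stored == null) {
                    return false;            // NULL password column can never match
                }
                // Comparing in Java makes the check exact and case-sensitive regardless of
                // the column's collation, and MessageDigest.isEqual runs in constant time.
                // If the column holds a salted hash rather than the plain password (as
                // AdaTheDev hopes), derive the hash of the supplied password with the same
                // function before this comparison; that step is not shown here.
                return MessageDigest.isEqual(
                        stored.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
            }
        }
    }
}
```

Both methods return after touching at most two rows, so they scale with the size of the index on `yahooId` rather than with the number of users, and the try-with-resources blocks close the statement and cursor on every path, which the original `Test` method did not do.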