Check username and password in java DataBase and give wrong password message if false

StackOverflow https://stackoverflow.com/questions/20074897

Question

i want to display an error wrong username & password after comparing entered username and password with database of users in java.

the problem is it does the if else statement against each row until it gets to the right row b4 displaying "username and password correct" but i want it to check against all and if it doesn't exist then it displays "Please Check Username and Password "

note: please ignore the naming convention the problem is in the arrangement of the while, if and any other recommended loop statements but i am not sure on how to organise it to get my desired result

here is my code with comments

 public void displayUsers(String f, String s) {
        try {
            String queryString = "SELECT SName, SPwd FROM staff";
            ResultSet results = Statement.executeQuery(queryString);

            while (results.next()) {
            String staffname = results.getString("snameeee");
            String password =  results.getString("SPwd");

               if ((f.equals(staffname)) && (s.equals(password))) {

                  JOptionPane.showMessageDialog(null, "Username and Password exist");  
            }else {

             //JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
            }
            results.close();
        } catch (SQLException sql) {

            out.println(sql);
        }
Was it helpful?

Solution 2

First don't store password in plain text.Secondly loading all records is very wrong approach of doing above code.

   public void displayUsers(String f, String s) {
    try {
        String queryString = "SELECT * FROM staff where SName=? and SPwd=?";
        //set this values using PreparedStatement
        ResultSet results = ps.executeQuery(queryString); //where ps is Object of PreparedStatement

        if(!results.next()) {

              JOptionPane.showMessageDialog("Wrong Username and Password.");  
        }

    } catch (SQLException sql) {

        out.println(sql);
    }finally{
      //closing ResultSet,PreparedStatement and Connection object
    }

OTHER TIPS

No, what you are doing is wrong.

Loading all records is not good practice to check credentials.

Pass username parameter to your query and check in database.

1)If no user exists, tell username not exists.

2)If user exists then check password of with existed database user password.

using flag you can solve this problem easily. like this..

public void displayUsers(String f, String s) {
    boolean flag = false;
    try {
        String queryString = "SELECT SName, SPwd FROM staff";
        ResultSet results = Statement.executeQuery(queryString);

        while (results.next()) {
        String staffname = results.getString("SName");
        String password =  results.getString("SPwd");

           if ((f.equals(staffname)) && (s.equals(password))) {
              flag = true;
              JOptionPane.showMessageDialog(null, "Username and Password exist");  
        } 
        results.close();
        if(!flag){
               JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
        }
    } catch (SQLException sql) {

        out.println(sql);
    }

if (username.length()>0 && password.length()>0)
{
    String query = "Select * from adminlogin Where Username='" + username + "' and Password='" + password + "'";

    rs = sta.executeQuery(query);

   if (rs.next()) 
   {

        home hme=new home();
        this.setVisible(false);
        hme.setVisible(true);
   } 
   else 
   {
       JOptionPane.showMessageDialog(null,"username and password are wrong ");
   }
}
else
{
      JOptionPane.showMessageDialog(null,"please field username and password ");
}

You can use:

    boolean exist = false;
    String queryString = "SELECT SName, SPwd FROM staff";
    ResultSet results = Statement.executeQuery(queryString);
    while (results.next()) {
    String staffname = results.getString("SName");
    String password =  results.getString("SPwd");

       if ((f.equals(staffname)) && (s.equals(password))) {
          exist = true;
          JOptionPane.showMessageDialog(null, "Username and Password exist");  
       }
    } 
    results.close();
    if(!exist){
           JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
    }

But you should use this:

    String queryString = "SELECT SName, SPwd FROM staff where SName=? and SPwd=?";
    ps = con.prepareStatement(queryString);
    ps.setString(1,f);
    ps.setString(2,s);
    ResultSet results = ps.executeQuery();

    if (results.next()) {
        JOptionPane.showMessageDialog(null, "Username and Password exist");  
    }else{
         JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
    } 
    results.close();
    con.close();

        String queryString =" select count(*) as \"exists\" from credit where username=? and password=?";
        //set this values using PreparedStatement
        ps = con.prepareStatement(queryString);
        ps.setString(1,f);
        ps.setString(2,s);
        ResultSet results = ps.executeQuery(); 

        if (results.next()) {
               int i = results.getInt("exists");
          if(i==1)
            {
                JOptionPane.showMessageDialog(null, "Username and Password exist");  
            }
            else{
                 JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
            }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top