•  09-07-2023
  •  | 
  •  

Question

Hey guys I have a weird problem , if I enter my correct credentials from my database I GET AN ERROR, if I enter the wrong credentials everything is okay.

Exception in thread "main" java.sql.SQLException: Column 'username' not found.
This error occurs when I enter the correct credentials

Also I have another problem, my passwords are encrypted with MD5 and I have no idea how to write that into my SELECT , tried this but without any success.

 resultSet = statement.executeQuery("SELECT password FROM cards.username WHERE username = '" + username + "' && password = 'MD5(" + password + ")'");

So this is my class 

public void readDataBase() throws Exception {

    //Scanners

    Scanner in = new Scanner(System.in);

    System.out.print("Username: ");
    String username = in.nextLine();

    System.out.print("Password: ");
    String password = in.nextLine();

    System.out.println(" ");


    //---------------------

    String databaseUsername = "";
    String databasePassword = "";

    try {
        // this will load the MySQL driver, each DB has its own driver

        Class.forName("com.mysql.jdbc.Driver");

        // setup the connection with the DB.

        connect = DriverManager
                .getConnection("jdbc:mysql://localhost/cards?"
                        + "user=root&password=password");

        // statements allow to issue SQL queries to the database

        statement = connect.createStatement();
        resultSet = statement.executeQuery("SELECT password FROM cards.username WHERE username = '" + username + "' && password = '" + password + "'");
        //writeResultSet(resultSet);

        while (resultSet.next()) {
            databaseUsername = resultSet.getString("username");
            databasePassword = resultSet.getString("password");

        }

        if (username.equals(databaseUsername) && password.equals(databasePassword))

            System.out.println("Success !! ");
        else
            System.out.println(" Failure ");

        //---

        //--------------------------------------------------------------------------------------------------

        // resultSet gets the result of the SQL query

        //      resultSet = statement.executeQuery("select * from FEEDBACK.COMMENTS");
        //      
        //      writeResultSet(resultSet);
        //
        //      // preparedStatements can use variables and are more efficient
        //      preparedStatement = connect
        //          .prepareStatement("insert into  FEEDBACK.COMMENTS values (default, ?, ?, ?, ? , ?, ?)");


        // "myuser, webpage, datum, summary, COMMENTS from FEEDBACK.COMMENTS");
        // parameters start with 1
        //      preparedStatement.setString(1, "Test");
        //      preparedStatement.setString(2, "TestEmail");
        //      preparedStatement.setString(3, "TestWebpage");
        //      preparedStatement.setDate(4, new java.sql.Date(2009, 12, 11));
        //      preparedStatement.setString(5, "TestSummary");
        //      preparedStatement.setString(6, "TestComment");
        //      preparedStatement.executeUpdate();

        //      preparedStatement = connect
        //          .prepareStatement("SELECT myuser, webpage, datum, summary, COMMENTS from FEEDBACK.COMMENTS");
        //      resultSet = preparedStatement.executeQuery();
        //      writeResultSet(resultSet);
        //
        //      // remove again the insert comment
        //      preparedStatement = connect
        //      .prepareStatement("delete from FEEDBACK.COMMENTS where myuser= ? ; ");
        //      preparedStatement.setString(1, "Test");
        //      preparedStatement.executeUpdate();
        //      
        //      resultSet = statement
        //      .executeQuery("select * from FEEDBACK.COMMENTS");
        //      writeMetaData(resultSet);
        //      

        //--------------------------------------------------------------------------------------------------------- 


    } catch (Exception e) {
        throw e;
    } finally {
        close();
    }

}

And this is another class where I call this method

package mysqltryouts;

import java.util.Scanner;
import mysqltryouts.MySQLtryouts;

public class main {
    public static void main(String[] args) throws Exception {
        MySQLtryouts dao = new MySQLtryouts();
        dao.readDataBase();
    }
}

This is my simple DB with only 1 table : enter image description here

I am kinda new with this mySQL and Java stuff, any help would be really appreciated

*EDIT #1 Fixed the main problem, but I still don't know how to make the MD5 thing, I mean when I enter my password in java, it gets itself crypted, I've used this method in VB.NET and tried an equivalent but with no success. : 

Dim SqlQuery As String = "SELECT COUNT(*) From users1 WHERE username = @Username AND password = MD5(@Password); "

My java attempt: 

resultSet = statement.executeQuery("SELECT * FROM cards.username WHERE username = '" + username + "' AND password = ('MD5(" + password + ")'");
Was it helpful?

Solution

my password field is varchar(10) and I just add MD5 when I manually add the data from phpmyadmin or from my app

While retrieving from the table too, apply MD5 on your password input value to compare with database field value.

SQL statement: 

select count(*) > 0 as match_found 
  from table_name
 where username = ?
   and password = md5( ? )

In JAVA:

Use PreparedStatement for value binding with the statement.

PreparedStatement pst = con.prepareStatement( sqlQuery );
pst.setString( 1, userName );
pst.setString( 2, password );

ResultSet rs = pst.executeQuery();
boolean loginSuccess = false;
if( rs.next() ) {
  loginSuccess = rs.getBoolean( "match_found" );
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top