• Post Reply Bookmark Topic Watch Topic
  • New Topic

How to Comparing user inputs received with data stored in microsoft database tables  RSS feed

 
Davian Ramsay
Greenhorn
Posts: 6
Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

i am developing a program that will accept a username and a password from a user and compare it with the data stored in a database in Microsoft access if the data received match the data in the database it should then proceed to another screen, but the problem am having is that i created an IF statement that if the entered data is correct it proceeds to the next screen but its also doing that(when input data matches) but its showing that the input was also "invalid" as this was what i place in the code if the username is incorrect so it doing two things at once, is there anyway i can correct this..help would be appreciated

this is my codes below:


try{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String sourceURL = "jdbc:odbc:KnutsfordDSN";//name of the stored dsn connected to the stored database
Connection con = DriverManager.getConnection(sourceURL);
java.sql.Statement st = con.createStatement();

ResultSet result = st.executeQuery("SELECT*FROM Passwords");//Password table in the database

System.out.println("Connection Made");//if connection was sucessful




while(result.next()){
String Usernames = result.getString("Usernames"); //username column in the password table in the database
String Passwords = result.getString("Passwords");//password column in the password table in the database

if (txtusername.getText().equals(Usernames)&& txtpassword.getText().equals(Passwords)){
Knutsford kd = new Knutsford(); //if usernames and password match this form will be displayed
kd.setVisible(true);
dispose();

}


}if (txtusername.getText().equals("admin") && txtpassword.getText().equals("admin")){
JOptionPane.showMessageDialog(null,"Admin Login");




}else {
JOptionPane.showMessageDialog(null,"Invalid Credentials");
}





}catch(ClassNotFoundException cnfe){
System.err.println(cnfe);

}catch(SQLException ex){
System.err.println("SQLException:"+ex.getMessage());

}//end of making the connection















 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you understand the difference between



and



?

There's a very important difference, an I believe that may be the source of your problem, although it's hard to say, since your code is hard to read. In the future, please UseCodeTags(⇐click) when posting code.
 
Davian Ramsay
Greenhorn
Posts: 6
Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your response, i do know the difference between the two and the reason why i created two separate IF statements like that is due to the fact that the same problem i am having now was also happening then but it had multiple displays "Invalid credentials " when it checked the data in the database so that why i created it that way and the display now only occur once.

here it is and the same problem still occurs
#thanks for the tip

 
Steve Luke
Bartender
Posts: 4181
22
IntelliJ IDE Java Python
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You have a while loop there. How many times is that while loop executed?
 
Davian Ramsay
Greenhorn
Posts: 6
Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the has next() method in the code ( result.next() ) normally traverse through all the data in the stored database until there is not data left so any amount of data stored in the database the program will loop that amount of times..example if there is 4 usernames and passwords stored on the database, this will loop through all 4

 
chris webster
Bartender
Posts: 2407
36
Linux Oracle Postgres Database Python Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't fetch all the records from your table here, as it is both inefficient and unnecessary. What happens if your application has 1000 users, or 10,000?
Don't check the password in your Java code - you should not be moving passwords around your application any more than necessary, and it's not necessary here.
Use SQL to do this: that's what it's for. No point using a database if you're just going to treat it as a dumb flat-file system.
You have an input username and password, so you simply need to check if this pair exists in your database table. The query could be something like:

You'll need to work out how to write this as a PreparedStatement for yourself. But the query only needs to execute once and fetches at most a single row. If it returns a 1, then you know the user/password exist. If it doesn't return any values, then you know this user/password combination does not exist.

Incidentally, normally you would try to encrypt the password in some way, but it looks like you are just using plain-text passwords. This would be a very bad idea in a real application.

Tips:
  • Read about using PreparedStatement for greater efficiency, security etc.
  • Learn some SQL so you don't waste resources doing things in Java that can be done easily in the database.
  • Think about what you are trying to achieve, and the tools available, before you start writing code.

  •  
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!