PreparedStatement and select from MySQL

 
Ranch Hand
Posts: 31
Hi. I want to create a login page where only users that have the admin role can log in. Here is my database:

tb_users :
user_id (PK)
password

tb_user_auth :
user_id (FK)
objects_id // contain user roles

and here's my code :



The problem is that "check your password and user id" appeared. Does that mean I failed to retrieve values from objects_id and compare them to the string "admin"? Or is there something else? What should I do? (Note: I'm not a native speaker and also new to Java, so please explain it in the simplest way. Thank you.)
 
Bartender
Posts: 1142
First of all, welcome to the ranch !

Please check the code you wrote without focusing on Java itself, thinking in pseudo-code.
What does your program do, and what did you want it to do ?

You are querying against TB_USERS with a given user id and password. Are you actually using a resultset from this first query?
Under what circumstances do you want to raise an authentication error, and when do you raise this error instead ? Look better at



condition. What does it actually do ?



 
nida azizah
Ranch Hand
Posts: 31
Thank you.

Yes, I do use user_id and password from tb_users because I want to create a login page. But if I want to use multiple result sets, because there are two queries that need 2 result sets, I have to close the first one (please correct me if I'm wrong).

I want only users who have object_id as admin to be able to log in. When I enter user_id and password, my program would automatically check whether my user_id is admin or not. I use to check by comparing my string that is saved in objek with objek_id (contains values from the database).

Actually, because I use a relational database (my tb_users is related to tb_userauth), I don't specifically use
I just use . So if my object_id is 'admin' it'll automatically retrieve the user_id that already has object_id as 'admin'.

is only checking whether my upper codes work or not.

 
Claude Moore
Bartender
Posts: 1142
Let's analyze your code.



In this piece of code, you're querying your tb_users table to check if an entry with the given userid and password exists. You execute the query, but you do nothing with the given resultset, so you're not really checking anything! No matter whether you find a match or not, your code will go on. You might have written:



The following code seems to be conceptually wrong:

   
         
First, you're simply querying the whole tb_userauth table, without using the given userid as key. This means you're not reading what authorizations a specific user has, you're just reading the whole table.
Moreover, you are not looping over the ResultSet: if a guy has more than a single authorization (i.e., for each userid you may have multiple records in tb_userauth), you're evaluating only one authorization (and not necessarily the first one: you did not specify an ORDER BY, so the order in which records are presented is unpredictable). So, at a minimum, you should use a while statement.

As a personal coding taste: I think it's a poor practice to loop over a cursor to verify if a record has or has not a given value.
It would be better to use specific WHERE constraints, for example :



But these are only my two cents  
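
An added example, not code from the thread: one way to write the check the answer describes, with a single PreparedStatement whose WHERE clause carries the user id, the password and the role, so the Java side only tests whether a row came back. Table and column names are taken from the first post; the class name, method name and command-line arguments are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AdminLoginCheck {

    // Table and column names follow the first post (tb_users, tb_user_auth,
    // user_id, password, objects_id); adjust them to the real schema.
    private static final String ADMIN_LOGIN_SQL =
        "SELECT 1 FROM tb_users u "
      + "JOIN tb_user_auth a ON a.user_id = u.user_id "
      + "WHERE u.user_id = ? AND u.password = ? AND a.objects_id = ?";

    /** Returns true only if the credentials match AND the user has the admin role. */
    static boolean isAdminLogin(Connection con, String userId, String password)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(ADMIN_LOGIN_SQL)) {
            // Values are bound as parameters, never concatenated into the SQL text.
            ps.setString(1, userId);
            ps.setString(2, password); // compared as stored, as in the thread's schema
            ps.setString(3, "admin");
            try (ResultSet rs = ps.executeQuery()) {
                // At least one row means user, password and role all matched;
                // extra role rows for the same user do not change the answer.
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Hypothetical invocation: <jdbc-url> <db-user> <db-pass> <user-id> <password>
        if (args.length != 5) {
            System.err.println("usage: AdminLoginCheck <jdbc-url> <db-user> <db-pass> <user-id> <password>");
            return;
        }
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            if (isAdminLogin(con, args[3], args[4])) {
                System.out.println("login ok");
            } else {
                // One message for every failure, so the reply does not reveal which check failed.
                System.out.println("check your password and user id");
            }
        }
    }
}
```

The password column is compared as stored because that is the schema in the thread. With hashed passwords, the query would select the stored hash by user id and role, and the hash comparison would happen in Java.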


 
nida azizah
Ranch Hand
Posts: 31
So basically I don't have to compare to any string because I can get the string easily from
Thank you so much for your help. Your explanation is easily understandable.
 