7 Replies - 322 Views - Last Post: 22 May 2014 - 09:37 AM Rate Topic: ***-- 2 Votes

#1 incredibleX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 171
  • Joined: 01-November 13

execute() for queries in java

Posted 13 May 2014 - 10:25 AM

here is my code:

public boolean isValidLogin(){
		InitializeDatabase("DSN");
		return statement.execute("SELECT * FROM Login where userName = '"+getUserName()+"' AND password = '"+getPassword()+"'");
}
	


this is my code for validating user to the main Frame. but this always returns true. I don't know why.
Is This A Good Question/Topic? 0
  • +

Replies To: execute() for queries in java

#2 Peter O  Icon User is offline

  • D.I.C Head

Reputation: 75
  • View blog
  • Posts: 177
  • Joined: 19-October 13

Re: execute() for queries in java

Posted 13 May 2014 - 10:39 AM

Java API: Statement.execute(String) said:

Returns:
true if the first result is a ResultSet object; false if it is an update count or there are no results

I think the first result is still a ResultSet even if it's empty so that's probably why it always returns true.
Was This Post Helpful? 0
  • +
  • -

#3 incredibleX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 171
  • Joined: 01-November 13

Re: execute() for queries in java

Posted 13 May 2014 - 11:22 AM

what is the better way to validate a user name and a password then?
because filling ResultSet with all the table and the conditioning makes it slower.
i.e
ResultSet rs = statement.executeQuery("Select * From table");

Was This Post Helpful? 0
  • +
  • -

#4 Peter O  Icon User is offline

  • D.I.C Head

Reputation: 75
  • View blog
  • Posts: 177
  • Joined: 19-October 13

Re: execute() for queries in java

Posted 13 May 2014 - 11:40 AM

I think you can use your first query but you probably have to investigate the ResultSet to see if it's empty.
Was This Post Helpful? 0
  • +
  • -

#5 incredibleX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 171
  • Joined: 01-November 13

Re: execute() for queries in java

Posted 13 May 2014 - 11:59 AM

please explain how?
Was This Post Helpful? 0
  • +
  • -

#6 Peter O  Icon User is offline

  • D.I.C Head

Reputation: 75
  • View blog
  • Posts: 177
  • Joined: 19-October 13

Re: execute() for queries in java

Posted 13 May 2014 - 12:40 PM

I don't really have any experience with the Java SQL classes so I have to look this stuff up. The way people seem to suggest to do this is to call the ResultSet.next() method to see if the ResultSet is empty.

http://docs.oracle.c...Set.html#next()

ResultSet rs = statement.executeQuery("SELECT * FROM Login where userName = '"+getUserName()+"' AND password = '"+getPassword()+"'");
if (rs.next())
{
	// valid login
}
else
{
	// invalid login
}

Was This Post Helpful? 1
  • +
  • -

#7 CasiOo  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 1373
  • View blog
  • Posts: 3,024
  • Joined: 05-April 11

Re: execute() for queries in java

Posted 13 May 2014 - 01:03 PM

Peter O got it right, you can use next() to check if any results were found

But please use PreparedStatement instead. Prevent SQL injection!
It is just much safer :)
PreparedStatement ps = connection.prepareStatement("SELECT * FROM Login where userName = ? AND password = ?);
ps.setString(1, getUserName());
ps.setString(2, getPassword());
ResultSet rs = ps.executeQuery();
return rs.next();


Was This Post Helpful? 3
  • +
  • -

#8 incredibleX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 171
  • Joined: 01-November 13

Re: execute() for queries in java

Posted 22 May 2014 - 09:37 AM

you are just love... :D :*
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1