import java.awt.BorderLayout;
import java.awt.FlowLayout;
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.FileInputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.Statement;
import java.util.Properties;import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JPasswordField;
import javax.swing.JTextField;
import javax.swing.SwingConstants;public class JdbcUtil {
public static void main(String args[]){
QueryFrame frame = new QueryFrame();
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.setVisible(true);
}
}
class QueryFrame extends JFrame{
private static final int DEFAULT_WIDTH =200;
private static final int DEFAULT_HEIGHT = 300;
private JPanel southPanel;
private JButton okButton;
private JButton register;
private JPanel northPanel;
private JTextField userField = new JTextField();
private JPasswordField passwordField = new JPasswordField();
public static Connection getConnection() throws Exception
{
Properties props = new Properties();
FileInputStream in = new FileInputStream("database.properties");
props.load(in);
in.close();
String drivers = props.getProperty("jdbc.drivers");
if(drivers != null) System.setProperty("jdbc.drivers" , drivers);
String url = props.getProperty("jdbc.url");
String username =props.getProperty("jdbc.username");
String password = props.getProperty("jdbc.password");
return DriverManager.getConnection(url , username , password);
}
public QueryFrame(){
setSize(DEFAULT_WIDTH , DEFAULT_HEIGHT);
JPanel northPanel = new JPanel();
// JTextField userField = new JTextField();
// JPasswordField passwordField = new JPasswordField();
northPanel.setLayout(new GridLayout(2,2));
northPanel.add(new JLabel("User name: ", SwingConstants.RIGHT));
northPanel.add(userField);
northPanel.add(new JLabel("Password : ", SwingConstants.RIGHT));
northPanel.add(passwordField);
add(northPanel , BorderLayout.NORTH);
southPanel = new JPanel();
okButton = new JButton("OK");
register = new JButton("register"); okButton.addActionListener(new ActionListener(){
@Override
public void actionPerformed(ActionEvent e) {
// TODO Auto-generated method stub
check();
}
});
register.addActionListener(new ActionListener(){
@Override
public void actionPerformed(ActionEvent e){
insertNewUser();
}
});
southPanel.setLayout(new FlowLayout());
southPanel.add(okButton);
southPanel.add(register);
add(southPanel , BorderLayout.CENTER);
}
private void insertNewUser(){
try{
Connection conn = getConnection();
Statement stat = conn.createStatement();
String tuser = userField.getText();
String tpwd = new String (passwordField.getPassword());
System.out.println("INSERT INTO user1 VALUES ('" + tuser + "','" + tpwd + "')" );
stat.execute("INSERT INTO user1 VALUES (" + tuser + "," + tpwd + ")" ); //这里如果直接用"insert int user1 values('name' , 'pwd)"的话就没问题。但是用tuser和tpwd无法插入数据,哪里有问题啊?
//(" + tuser + "," + tpwd + ")");
}
catch(Exception e){
}
} private void check(){ //验证用户登陆一般是怎么弄 直接比较字符串吗? 还有什么其他的方法吗?
Connection conn;
try {
conn = getConnection();
Statement stat = conn.createStatement();
ResultSet result = stat.executeQuery("SELECT * FROM user1"); String tuser = new String(userField.getText());
String tpwd = new String (passwordField.getPassword());
boolean userFlag = false;
boolean pwdFlag = false;
if(result == null)
System.out.println("Result is null");
else
System.out.println("Result is not null");
while(result.next()){
if(tuser.equals(result.getString(1))){
userFlag = true;
result.next();
if(tpwd.equals(result.getString(2))){
pwdFlag = true;
break;
}
}
}
if( userFlag && pwdFlag){
System.out.println("Login Sucessfully");
}
else if(userFlag)
System.out.println("Wrong password");
else
System.out.println("Wrong username");
result.close();
conn.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
麻烦知道的说下 ,不胜感激!
改为
stat.execute("INSERT INTO user1 VALUES ('"+tuser+"','"+tpwd+"')");就1楼说的。。登陆验证可以传一个对象过去,如果能通过对象的相应属性在表里查到,则认为登陆成功,反之失败。
防止sql注入的话可以用preparedstatement,直接找有没有存在用户名和密码符合条件的人就行了。