2020年7月25日 23:53:50未分类评论43阅读模式

英文:

Result set from sqlite query does not have a rs.next()

问题

在我的代码中，我试图获取用户名为"Jason"且密码为"1234"的用户。然而，我使用的查询在Java中未返回任何值。另一方面，当我在我的SQL工作台上编写相同的查询时，它会返回一行。

@FXML
private TextField tf_username;

@FXML
private TextField pf_password;

@FXML
void logIn(MouseEvent event) throws SQLException, IOException {
   String username = tf_username.getText();
   String password = pf_password.getText();
   String checkPassSql = "select * from users where username" + " = '" + username + "' and password = '" + password + "' ";

   Connection connection = DbConnect.getInstance().getConnection();

   Statement statement = connection.createStatement();

   ResultSet rs = statement.executeQuery(checkPassSql);


   if(rs.next()){
    //将下一行从注册场景更改为主页场景
    Parent root = FXMLLoader.load(getClass().getResource("home.fxml"));
    Node node = (Node) event.getSource();
    Stage stage = (Stage) node.getScene().getWindow();
    stage.setScene(new Scene(root)); 
   }
}

这是在SQL工作台中预期的结果集

英文:

In my code, I am trying to get a user with the username = "Jason" and has a password of "1234". However, the query that I am using is not returning any values in Java. On the other hand, when I write the same query on my SQL bench it returns a row.

    @FXML
    private TextField tf_username;

    @FXML
    private TextField pf_password;

    @FXML
    void logIn(MouseEvent event) throws SQLException, IOException {
       String username = tf_username.getText();
       String password = pf_password.getText();
       String checkPassSql = &quot;select * from users where username&quot; + &quot; = &#39;&quot;+username+&quot;&#39;and password = &#39;&quot;+password+&quot;&#39; &quot;;
       
       Connection connection = DbConnect.getInstance().getConnection();
       
       Statement statement = connection.createStatement();
       
       ResultSet rs = statement.executeQuery(checkPassSql);
              
       
       if(rs.next()){
        //change the next line from signUp scene to home scene  
        Parent root = FXMLLoader.load(getClass().getResource(&quot;home.fxml&quot;));
        Node node = (Node) event.getSource();
        Stage stage = (Stage) node.getScene().getWindow();
        stage.setScene(new Scene(root)); 
       }
       
       
       
    }

This is the expected result set from the SQL workbench

答案1

得分: 0

首先，您应该在参数化查询中使用 PreparedStatement 而不是 Statement。这样做的两个重要优点是：

您的应用程序将不受 SQL 注入的影响。
您不需要显式地在文本值周围添加 '。

String sql = "SELECT * FROM users WHERE username=? AND password=?";

PreparedStatement preparedStatement = connection.prepareStatement(sql);

preparedStatement.setString(1, username);
preparedStatement.setString(2, password);

ResultSet rs = preparedStatement.executeQuery();

您的代码似乎在哪个地方出错了？

如果执行以下代码：

public class Main {
    public static void main(String[] args) {
        String username = "Jason";
        String password = "1234";
        String sql = "select * from users where username" + " = '&#39;" + username + "&#39;and password = '&#39;" + password + "&#39; ";
        System.out.println(sql);
    }
}

您将获得以下输出：

select * from users where username = '&#39;Jason&#39;and password = '&#39;1234&#39;

这与您在 SQL 工作台上执行的不同。为了匹配它，您的代码应该如下：

String sql = "select * from users where username" + " = \\\"" + username + "\\\" and password = \\\"" + password
                + "\\\"";

这将被转换为以下内容：

select * from users where username = "Jason" and password = "1234"

这与您在 SQL 工作台上测试的内容相同。

然而，正如我之前已经提到的，应该使用 PreparedStatement 而不是 Statement。

英文:

First of all, you should use PreparedStatement instead of Statement for a parameterized query. Two important advantages of doing so will be:

Your application will be safe from SQL injection.

You do not need to put ' around the text values explicitly.

String sql = &quot;SELECT * FROM users WHERE username=? AND password=?&quot;;

PreparedStatement preparedStatement = connection.prepareStatement(sql);

preparedStatement.setString(1, username);
preparedStatement.setString(2, password);

ResultSet rs = preparedStatement.executeQuery();

Where does your code seem to be failing?

If you execute the following code,

public class Main {
	public static void main(String[] args) {
		String username = &quot;Jason&quot;;
		String password = &quot;1234&quot;;
		String sql = &quot;select * from users where username&quot; + &quot; = &#39;&quot; + username + &quot;&#39;and password = &#39;&quot; + password + &quot;&#39; &quot;;
		System.out.println(sql);
	}
}

you will get the following output:

select * from users where username = &#39;Jason&#39;and password = &#39;1234&#39;

which is different from what you have executed on SQL workbench. In order to match it, your code should have been as follows:

String sql = &quot;select * from users where username&quot; + &quot; = \&quot;&quot; + username + &quot;\&quot; and password = \&quot;&quot; + password
				+ &quot;\&quot;&quot;;

That would have been converted into the following:

select * from users where username = &quot;Jason&quot; and password = &quot;1234&quot;

which is same as what you've tested on SQL workbench.

However, as I've already mentioned earlier, use PreparedStatement instead of Statement.

专注分享java语言的经验与见解，让所有开发者获益！

来自SQLite查询的结果集没有rs.next()。

问题

答案1

您的代码似乎在哪个地方出错了？

Where does your code seem to be failing?

Go like channels in Java

在低资源环境下使用Apache Cassandra和Go服务器

avatica-go客户端读取Phoenix查询服务器：[驱动程序：连接错误]

向Spring端点发送POST请求，返回状态码400。

Spring Boot控制器从Golang应用程序接收到的重定向请求会被重复执行两次。

可以在不将其读入内存的情况下多次重用HTTP请求体吗？

How to register my go lang microservice in Spring Eureka Service Discovery

在应用程序-go + BDD-java中模拟第三方服务

What is value, reference vs pointer and what these three example used to pass?

Do goroutines and light-weight Java threads mean we never need use thread pools and async code again?

发表评论