Home/ Questions/Q 9086483
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T21:30:02+00:00

Hello I am trying to create a login form in java netbeans IDE. My

  • 0

Hello I am trying to create a login form in java netbeans IDE. My aim is to create multiple user ID’s and their respective passwords. I have given textfields to userID and passwordField for passwords to get the values but the problem is i want to get the text from the password field and i am unable to get it its showing some error i think there is some problem with syntax my research is as follows can there be any solution? Need your help

private void lb_loginMouseClicked(java.awt.event.MouseEvent evt) {                                      
       DBUtil util = new DBUtil();
       String value1=tb_uid.getText();
       String value2=tb_pwd.getPassword();
       String user1="";
       String pass1="";
       try {

            Connection con = util.getConnection();
            PreparedStatement stmt = con.prepareStatement("SELECT * FROM login where username='"+value1+"' && password='"+value2+"'");
            ResultSet res = stmt.executeQuery();
            res = stmt.executeQuery();
            while (res.next()) {
                user1 = res.getString("username");
                pass1 = res.getString("password");
            }
            if (value1.equals(user1) && value2.equals(pass1)) {
            JOptionPane.showMessageDialog(this,"correct");
            }
            else{
            JOptionPane.showMessageDialog(this,"Incorrect login or password","Error",JOptionPane.ERROR_MESSAGE);
            }
            JOptionPane.showMessageDialog(null, "COMMITED SUCCESSFULLY!");
        } catch (Exception ex) {
            JOptionPane.showMessageDialog(null, ex.getMessage());

        }

    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    value2 is char array so doing String concatenation would result in the String representation of the array rather then the String content itself ending up in the SQL. You could replace

    PreparedStatement stmt = con.prepareStatement("SELECT * FROM login where username='"+value1+"' && password='"+value2+"'");

    with

    PreparedStatement stmt = con.prepareStatement("SELECT * FROM login where username='"+value1+"' AND password='" + new String(value2) + "'");

    Similarly 

    if (value1.equals(user1) && value2.equals(pass1)) {

    would need to be

    if (value1.equals(user1) && pass1.equals(new String(value2)) {

    Better use the PreparedStatement placeholders however, to protect against SQL injection attack:

    PreparedStatement stmt = con.prepareStatement("SELECT * FROM login where username=? AND password=?);
stmt.setString(1, value1);
stmt.setString(2, new String(value2));

    Note: This is not a secure way do to a password lookup, a hashed comparison would be relatively safer.

    • 0