Java android中的登录表单验证
我已经在Android上开发了一个登录表单。我在这里使用了验证。我必须填写任何人(用户名或密码),然后我的应用程序应该显示成功!并且应该转移到其他活动 但是,如果两个字段都为空,则不应显示成功消息,而应显示登录失败 请帮我这个 这是我的Web服务代码:Java android中的登录表单验证,java,android,validation,Java,Android,Validation,我已经在Android上开发了一个登录表单。我在这里使用了验证。我必须填写任何人(用户名或密码),然后我的应用程序应该显示成功!并且应该转移到其他活动 但是,如果两个字段都为空,则不应显示成功消息,而应显示登录失败 请帮我这个 这是我的Web服务代码: public class XcartLogin { public String authentication(String userName, String password) { String retrievedUser
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
这是对我的android代码的验证:
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
尝试使用此条件:
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
而不是您的状况:
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
尝试使用此条件:
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
而不是您的状况:
public class XcartLogin {
public String authentication(String userName, String password) {
String retrievedUserName = "";
String retrievedPassword = "";
String status = "";
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/xcart432-pro", "root", "");
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = '" + userName + "'");
ResultSet result = statement.executeQuery();
while (result.next()) {
retrievedUserName = result.getString("login");
retrievedPassword = result.getString("password");
}
if (retrievedUserName.equals(userName) && retrievedPassword.equals(password)) {
status = "Success!";
} else {
status = "Login fail!!!";
}
} catch (Exception e) {
e.printStackTrace();
}
return status;
}
}
if(status.equals("Success!"))
{
// ADD to save and read next time
String strUserName = userName.getText().toString().trim();
String strPassword = userPassword.getText().toString().trim();
if (null == strUserName || strUserName.length() == 0)
{
// showToast("Enter Your Name");
userName.setError( "username is required!" );
isUserValidated = false;
}
if (null == strPassword || strPassword.length() == 0)
{
// showToast("Enter Your Password");
isPasswordValidated = false;
userPassword.setError( "password is required!" );
}
}
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password)&&!(retrievedUserName.equals("") && retrievedPassword.equals("")))
if(retrievedUserName.equals(userName)&&retrievedPassword.equals(password))
首先,您使用PreparedStatement的方式是不正确的。以下是您应该如何修改它:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
然后使用setString(int-paramIndex,String-value)
设置值,然后调用executeQuery()
方法。大概是这样的:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
statement.setString(1, userName);
ResultSet result = statement.executeQuery();
if(userName.equals(retrievedUserName)&&password.equals(retrievedPassword)&&!("".equals(retrievedUserName) && "".equals(retrievedPassword)))
这是安全的,也是在代码中使用PreparedStatement的实际方法
现在,为了测试您的需求,您应该执行以下操作:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
statement.setString(1, userName);
ResultSet result = statement.executeQuery();
if(userName.equals(retrievedUserName)&&password.equals(retrievedPassword)&&!("".equals(retrievedUserName) && "".equals(retrievedPassword)))
请注意,我正在对照retrievedUserName和retrievedPassword检查用户名和密码,反之亦然,因为根据forgetString(int)
,retrievedUserName或retrievedPassword可能为空
返回:列值;如果该值为SQL NULL,则该值
返回的值为空
如果该值为null,那么您将处理
NullPointerException
,我想您可能希望避免这种情况。同样,出于同样的原因,您可能希望在尝试查询数据库之前检查参数的null值 首先,您使用PreparedStatement的方式是不正确的。以下是您应该如何修改它:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
然后使用setString(int-paramIndex,String-value)
设置值,然后调用executeQuery()
方法。大概是这样的:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
statement.setString(1, userName);
ResultSet result = statement.executeQuery();
if(userName.equals(retrievedUserName)&&password.equals(retrievedPassword)&&!("".equals(retrievedUserName) && "".equals(retrievedPassword)))
这是安全的,也是在代码中使用PreparedStatement的实际方法
现在,为了测试您的需求,您应该执行以下操作:
PreparedStatement statement = con.prepareStatement("SELECT * FROM xcart_customers WHERE login = ?");
statement.setString(1, userName);
ResultSet result = statement.executeQuery();
if(userName.equals(retrievedUserName)&&password.equals(retrievedPassword)&&!("".equals(retrievedUserName) && "".equals(retrievedPassword)))
请注意,我正在对照retrievedUserName和retrievedPassword检查用户名和密码,反之亦然,因为根据forgetString(int)
,retrievedUserName或retrievedPassword可能为空
返回:列值;如果该值为SQL NULL,则该值
返回的值为空
如果该值为null,那么您将处理NullPointerException
,我想您可能希望避免这种情况。同样,出于同样的原因,您可能希望在尝试查询数据库之前检查参数的null值 在验证代码中的if(status.equals(“Success!”)
语句之前,应首先执行此操作,以避免在任何文本字段首先为空时查询数据库:
boolean errorOccurred = false;
if (strUserName.equals("")) {
userName.setError("Username is required!");
errorOccurred = true;
}
if (strPassword.equals("")) {
userName.setError("Password is required!");
errorOccurred = true;
}
if (errorOccurred) {
return; // avoids executing the part of your code which queries the db
}
检查输入字段的值是否为null
是毫无意义的,因为如果它们不包含任何内容,它将只是一个空字符串,或者“
”。然后,为了简化您的Web服务代码
if (result.next()) { // use if instead of while, because ideally, only ONE record should
// be returned and hence, no need to loop;
// then, just get the corresponding password
retrievedPassword = result.getString("password");
}
if (retrievedPassword.equals(password)) {
status = "Success!";
}
进一步建议:将“Success!”放在字符串常量中,并使用该常量代替文本值。通过这种方式,您犯错误的几率更小,编辑代码也更容易。在验证代码中的if(status.equals(“Success!”)
语句之前,您应该首先执行此操作,以避免在任何文本字段为空时查询数据库:
boolean errorOccurred = false;
if (strUserName.equals("")) {
userName.setError("Username is required!");
errorOccurred = true;
}
if (strPassword.equals("")) {
userName.setError("Password is required!");
errorOccurred = true;
}
if (errorOccurred) {
return; // avoids executing the part of your code which queries the db
}
检查输入字段的值是否为null
是毫无意义的,因为如果它们不包含任何内容,它将只是一个空字符串,或者“
”。然后,为了简化您的Web服务代码
if (result.next()) { // use if instead of while, because ideally, only ONE record should
// be returned and hence, no need to loop;
// then, just get the corresponding password
retrievedPassword = result.getString("password");
}
if (retrievedPassword.equals(password)) {
status = "Success!";
}
进一步建议:将“Success!”放在字符串常量中,并使用该常量代替文本值。通过这种方式,您犯错误的机会更小,编辑代码也更容易。甚至正如Sujay建议更改准备好的语句一样。你的是对预备语句的错误用法,甚至正如Sujay所建议的那样,更改预备语句。你的陈述是一种错误的用法,只是离题了。。上述形式的代码对SQL注入非常敏感&您永远不应该从DB检索密码,而应该将其作为参数传递给SQL准备语句。。上述形式的代码对SQL注入非常敏感&您不应该从DB检索密码,而应该将其作为参数传递给SQL语句