Java 我正在尝试让用户可以使用注册用户名或电子邮件id或电话号码以及密码登录
我不熟悉Java环境,所以我需要您的帮助来解决这个问题。选择我写的将用户名作为注册用户名或电话号码或电子邮件的查询是否正确Java 我正在尝试让用户可以使用注册用户名或电子邮件id或电话号码以及密码登录,java,Java,我不熟悉Java环境,所以我需要您的帮助来解决这个问题。选择我写的将用户名作为注册用户名或电话号码或电子邮件的查询是否正确 public class UserValidationAdapter { static Logger logger = Logger.getLogger(UserValidationAdapter.class); public boolean userInq(UserVO UserVOObj) throws Exception{ logge
public class UserValidationAdapter {
static Logger logger = Logger.getLogger(UserValidationAdapter.class);
public boolean userInq(UserVO UserVOObj) throws Exception{
logger.debug("Started---userInq ");
boolean isValid = false;
Connection con = null;
Statement statement = null;
//Statement statement1 = null;
ResultSet rs = null;
//ResultSet rs1 = null;
String userId = null;
//int rowsUpdated;
try{
con = DBConnection.getConnection();
String SelectTableQuery = "SELECT user_id FROM user_details_table WHERE (user_name='"+UserVOObj.getUsername()+"' OR '"+UserVOObj.getPhonenumber()+"' OR '"+UserVOObj.getEmail()+"') AND password='"+UserVOObj.getPassword()+"'";
statement = con.createStatement();
rs = statement.executeQuery(SelectTableQuery);
while(rs.next()){
userId = rs.getString("user_id");
}
if(userId != null){
isValid = true;
logger.info("Value of isValid.."+isValid);
}
}
catch(Exception e){
e.printStackTrace();
}
finally{
try{
if(rs != null)
rs.close();
if(statement != null)
statement.close();
if(con != null)
con.close();
}
catch(Exception e){
e.printStackTrace();
logger.error("Exception in userInq method"+e);
}
}
logger.debug("Ended---userInq ");
return isValid;
}
}
必须在所有或参数前面使用列名用户名 请更新您的查询如下
String SelectTableQuery = "SELECT user_id FROM user_details_table WHERE (user_name='"+UserVOObj.getUsername()+"' OR user_name='"+UserVOObj.getPhonenumber()+"' OR user_name='"+UserVOObj.getEmail()+"') AND password='"+UserVOObj.getPassword()+"'";
我现在更改了select查询,它可以很好地处理查询,但是我们需要添加更多的逻辑来检查用户输入的手机号码、电子邮件或用户名。我将发布查询和该逻辑,以验证用户输入 公共类UserValidationAdapter{
static Logger logger = Logger.getLogger(UserValidationAdapter.class);
public boolean userInq(UserVO UserVOObj) throws Exception{
logger.debug("Started---userInq ");
boolean isValid = false;
Connection con = null;
Statement statement = null;
//Statement statement1 = null;
ResultSet rs = null;
//ResultSet rs1 = null;
String userId = null;
//int rowsUpdated;
try{
con = DBConnection.getConnection();
String SelectTableQuery = "SELECT user_id FROM user_details_table WHERE (user_name='"+UserVOObj.getUsername()+"' OR phone_number='"+UserVOObj.getPhonenumber()+"' OR email='"+UserVOObj.getEmail()+"') AND password='"+UserVOObj.getPassword()+"'";
statement = con.createStatement();
rs = statement.executeQuery(SelectTableQuery);
System.out.println(SelectTableQuery);
while(rs.next()){
userId = rs.getString("user_id");
}
if(userId != null){
isValid = true;
logger.info("Value of isValid.."+isValid);
}
}
catch(Exception e){
e.printStackTrace();
}
finally{
try{
if(rs != null)
rs.close();
if(statement != null)
statement.close();
if(con != null)
con.close();
}
catch(Exception e){
e.printStackTrace();
logger.error("Exception in userInq method"+e);
}
}
logger.debug("Ended---userInq ");
return isValid;
}
static Logger logger = Logger.getLogger(LoginRestService.class);
//private ResponseVo userDetailsObj;
boolean validatePhoneNumber=false;
public Response userLoginInq(UserVO userDetailsObj) {
logger.debug("Started---userLoginInq ");
//String lastseen=null;
UserValidationAdapter userValidationObj = new UserValidationAdapter();
String lastlogin=null;
ResponseVo res = new ResponseVo();
try{
System.out.println(userDetailsObj.getUsername());
System.out.println(userDetailsObj.getPassword());
String username1 =userDetailsObj.getUsername();
if(username1.matches("\\d{10}"))
{
userDetailsObj.setPhonenumber(userDetailsObj.getUsername());
Connection con = null;
ResultSet rs = null;
Statement statement = null;
con = DBConnection.getConnection();
String DisplayDetailsQuery = "SELECT user_name FROM user_details_table WHERE phone_number='"+userDetailsObj.getPhonenumber()+"'";
statement = con.createStatement();
rs = statement.executeQuery(DisplayDetailsQuery);
while(rs.next()){
userDetailsObj.setUsername(rs.getString("user_name"));
}
}
else if(username1.matches("[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}"))
{
userDetailsObj.setEmail(userDetailsObj.getUsername());
Connection con = null;
ResultSet rs = null;
Statement statement = null;
con = DBConnection.getConnection();
String DisplayDetailsQuery = "SELECT user_name FROM user_details_table WHERE email='"+userDetailsObj.getEmail()+"'";
statement = con.createStatement();
rs = statement.executeQuery(DisplayDetailsQuery);
while(rs.next()){
userDetailsObj.setUsername(rs.getString("user_name"));
}
}
else{
userDetailsObj.setUsername(userDetailsObj.getUsername());
}
System.out.println();
boolean isValid = userValidationObj.userInq(userDetailsObj);
lastseenLogin lstlogin=new lastseenLogin();
lastlogin = lstlogin.lastlogin(userDetailsObj);
System.out.println("In Main class"+isValid);
if(isValid){
res.setStatus(UserConstants.SuccessMsg);
res.setSuccess(true);
res.setUsername(userDetailsObj.getUsername());
res.setPhonenumber(userDetailsObj.getPhonenumber());
res.setEmail(userDetailsObj.getEmail());
logger.info("value of isValid..."+isValid);
res.setDate(lastlogin);
}
else{
res.setErrorCode(UserConstants.ErrorCode);
res.setErrorMessage(UserConstants.ErrorMsg);
res.setStatus(UserConstants.ErrorStatus);
res.setSuccess(false);
logger.info("value of isValid..."+isValid);
}
}
catch(Exception e){
e.printStackTrace();
logger.error("Exception in userLoginInq "+e);
}
logger.debug("Ended---userLoginInq ");
return Response.status(200).entity(res).build();
}
了解防止SQL注入的准备语句
是否正确