javamysqlnetbeansnullgetstring

How to store an sql result in a variable to be used

Good day all,

I am working on a java project, in netbeans. I have a class called dbcon, which has a bunch of methods and a constructor that connects to a Mysql database. One such method is a login method, which receives 2 parameters: username and password; searches the database using sqls and stores the result in a resultset. I then go on to use getString to retrieve the stored data and store it in a String variable. However, it returns a null value. The datatype in the table for username and password are both varchar(45). I had gotten the mem_id value before and was able to perform inserts using it appropriately, but have issues with the string type. Furthermore, the member variable susername also returns null even though I'm storing it directly from the passed variable username.

 public boolean login(String username, String pwd) throws SQLException {
        boolean res = false;
        String spass;
        try {
            ResultSet dbuser = stmt.executeQuery("select userpwd.mem_id, upassword, email from userpwd, memdet"
                    + " where userpwd.username = '" + username + "' and memdet.mem_id=userpwd.mem_id");
            if (dbuser.next()) {
                spass = dbuser.getString("upassword");
                if ((spass.equals(pwd))) {
                    res = true;
                    id = dbuser.getInt("mem_id");
                    this.susername = username;
                    this.semail = dbuser.getString("email");
                } else {
                    res = false;
                }
            }
        } catch (SQLException ex) {
        }
        return res;
    }

Thanks

Solution

  • The second call to dbuser.next() is making the result set to advance, so that if body doesn't enter, you don't need that, just move the if inside the other.

    Like:

     public boolean login(String username, String pwd) throws SQLException {
    boolean res = false;
    String spass="";
    try {
        ResultSet dbuser = stmt.executeQuery("select password from userpwd where username = '" + username + "';"); //here you should use parameters to set the username.
        if (dbuser.next()){
            spass = dbuser.getString("password");
            if (spass.equals(pwd)) {
                res = true;
                ResultSet mid = stmt.executeQuery("select mem_id from userpwd where username = '" + username + "';");
                id = mid.getInt("mem_id");
                this.susername = username;
                ins = "select email from memdet where mem_id = " + id;
                ResultSet ema = stmt.executeQuery(ins);
                this.semail = ema.getString("email");
            } else {
                res = false;
            }
    } catch (SQLException ex) {
    }
    return res;
}

    There are lots of other things to be improved like, using parameters for setting the query parameters, to avoid SQL injection attacks, and there is no need to perform three queries, you could do it with one and a join.