0

I want to display an error "wrong username & password" after comparing the entered username and password with a database of users in Java.

The problem is it does the if/else statement against each row until it gets to the right row before displaying "username and password correct", but I want it to check against all rows and, if it doesn't exist, display "Please Check Username and Password ".

Note: please ignore the naming convention. The problem is in the arrangement of the while, if and any other recommended loop statements, but I am not sure how to organise it to get my desired result.

Here is my code with comments:

    public void displayUsers(String f, String s) {
        try {
            String queryString = "SELECT SName, SPwd FROM staff";
            ResultSet results = Statement.executeQuery(queryString);

            // Every row of the staff table is compared in turn
            while (results.next()) {
                String staffname = results.getString("SName");
                String password = results.getString("SPwd");

                if ((f.equals(staffname)) && (s.equals(password))) {
                    JOptionPane.showMessageDialog(null, "Username and Password exist");
                } else {
                    //JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
                }
            }
            results.close();
        } catch (SQLException sql) {
            out.println(sql);
        }
    }

prince_ade
  • Good lord. Do **not** store passwords in plain text. http://stackoverflow.com/search?q=database+password – Matt Ball Nov 19 '13 at 15:04
  • Yeah, I know, but it's just a demo project, no concern about password encryption now... but thanks for the update – prince_ade Nov 19 '13 at 15:52
  • https://stackoverflow.com/questions/64554364/check-username-and-password-in-java-database-with-sql-and-give-wrong-password-me Anyone, please help me out with this one!!! – rahul shah Oct 27 '20 at 12:27

6 Answers

4

No, what you are doing is wrong.

Loading all records is not good practice to check credentials.

Pass username parameter to your query and check in database.

1) If no user exists, tell the user that the username does not exist.

2) If the user exists, then check the password against the existing database user's password.

Suresh Atta
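
The lookup-by-username flow from the answer above, combined with the comment's advice not to store plain-text passwords, as an added example that is not code from any of the original posts. The class name `StaffLogin`, the columns `SSalt` and `SHash`, the iteration count and the caller-supplied open `Connection` are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class StaffLogin { // hypothetical class name
    // Example work factor (assumption); tune it for your hardware.
    private static final int ITERATIONS = 600_000;
    private static final int KEY_BITS = 256;
    private static final byte[] DUMMY_SALT = new byte[16];

    /** Derives the PBKDF2-HMAC-SHA256 value that is stored instead of the password. */
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    /**
     * Returns true only when the user exists and the password matches.
     * SSalt and SHash are hypothetical columns that replace the plain-text SPwd.
     */
    static boolean authenticate(Connection con, String user, char[] password)
            throws SQLException, GeneralSecurityException {
        String sql = "SELECT SSalt, SHash FROM staff WHERE SName = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user); // bound as data, never concatenated into the SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    hash(password, DUMMY_SALT); // spend similar time for unknown users
                    return false;
                }
                byte[] expected = rs.getBytes("SHash");
                byte[] actual = hash(password, rs.getBytes("SSalt"));
                return MessageDigest.isEqual(expected, actual); // constant-time compare
            }
        }
    }
}
```

A caller shows the single "Please Check Username and Password" dialog whenever `authenticate` returns false, so the message is produced once and not per row.
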
3

First, don't store passwords in plain text. Secondly, loading all records is a very wrong approach for the above code.

    public void displayUsers(String f, String s) {
        try {
            String queryString = "SELECT * FROM staff where SName=? and SPwd=?";
            // set the values using PreparedStatement
            // (con is the open java.sql.Connection, assumed to exist)
            PreparedStatement ps = con.prepareStatement(queryString);
            ps.setString(1, f);
            ps.setString(2, s);
            // no SQL argument here: the statement is already prepared
            ResultSet results = ps.executeQuery();

            if (!results.next()) {
                JOptionPane.showMessageDialog(null, "Wrong Username and Password.");
            }
        } catch (SQLException sql) {
            out.println(sql);
        } finally {
            // closing ResultSet, PreparedStatement and Connection object
        }
    }

Shoaib Chikate
  • Don't understand your code... what I want to achieve is a wrong username or password notification when the entered username or password does not exist in the database – prince_ade Nov 19 '13 at 15:56
  • The only major problem is it is very prone to SQL injection, just tried it now, since I am a security expert, but thanks anyway – prince_ade Nov 19 '13 at 16:27
1

Using a flag you can solve this problem easily, like this:

    public void displayUsers(String f, String s) {
        boolean flag = false; // becomes true once a matching row is found
        try {
            String queryString = "SELECT SName, SPwd FROM staff";
            ResultSet results = Statement.executeQuery(queryString);

            while (results.next()) {
                String staffname = results.getString("SName");
                String password = results.getString("SPwd");

                if ((f.equals(staffname)) && (s.equals(password))) {
                    flag = true;
                    JOptionPane.showMessageDialog(null, "Username and Password exist");
                }
            }
            results.close();
            // Report failure once, after every row has been checked
            if (!flag) {
                JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
            }
        } catch (SQLException sql) {
            out.println(sql);
        }
    }

subash
1
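
    if (username.length() > 0 && password.length() > 0) {
        // Bind the inputs as parameters instead of concatenating them into the SQL,
        // so quotes in the username or password cannot change the query.
        // con is the open java.sql.Connection (assumed; the original used a Statement named sta).
        String query = "Select * from adminlogin Where Username=? and Password=?";
        PreparedStatement ps = con.prepareStatement(query);
        ps.setString(1, username);
        ps.setString(2, password);
        rs = ps.executeQuery();

        if (rs.next()) {
            // Credentials matched: open the home window
            home hme = new home();
            this.setVisible(false);
            hme.setVisible(true);
        } else {
            JOptionPane.showMessageDialog(null, "username and password are wrong ");
        }
    } else {
        JOptionPane.showMessageDialog(null, "please fill in username and password ");
    }
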
  • I think this code will help you. In this answer I first check that the username and password length is greater than 0, and only then run the check inside; otherwise the code is not checked – savan patidar Apr 26 '18 at 16:56
0

You can use:

    boolean exist = false;
    String queryString = "SELECT SName, SPwd FROM staff";
    ResultSet results = Statement.executeQuery(queryString);
    while (results.next()) {
        String staffname = results.getString("SName");
        String password = results.getString("SPwd");

        if ((f.equals(staffname)) && (s.equals(password))) {
            exist = true;
            JOptionPane.showMessageDialog(null, "Username and Password exist");
        }
    }
    results.close();
    if (!exist) {
        JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
    }

But you should use this:

    String queryString = "SELECT SName, SPwd FROM staff where SName=? and SPwd=?";
    ps = con.prepareStatement(queryString);
    ps.setString(1,f);
    ps.setString(2,s);
    ResultSet results = ps.executeQuery();

    if (results.next()) {
        JOptionPane.showMessageDialog(null, "Username and Password exist");
    } else {
        JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
    }
    results.close();
    con.close();
maiklahoz
  • If the correct username and password is on line 3, the else result is given twice before the next result, which is correct. That is my major problem – prince_ade Nov 19 '13 at 16:01
  • Sorry, my code was missing the end of the if. I edited it. But I recommend that you use the second solution. – maiklahoz Nov 19 '13 at 16:32
0

    String queryString = "select count(*) as \"exists\" from credit where username=? and password=?";
    // set these values using PreparedStatement
    ps = con.prepareStatement(queryString);
    ps.setString(1, f);
    ps.setString(2, s);
    ResultSet results = ps.executeQuery();

    // count(*) always returns one row; its value says whether a match exists
    if (results.next()) {
        int i = results.getInt("exists");
        if (i == 1) {
            JOptionPane.showMessageDialog(null, "Username and Password exist");
        } else {
            JOptionPane.showMessageDialog(null, "Please Check Username and Password ");
        }
    }

Shad