Logged as user statement in Java

Question

*In the Login page user give his username and password and logging in to the Home Page.(checking user details with MySQL database and validating data).

*In the Home page I want to show Logged As : [Logged user name] . I tried below method but not successful.

 public void showUsername() throws SQLException{



    String sql1 = "SELECT username FROM logininfo WHERE username= '"+uname+"'" ;

    stmt = conn.createStatement();
    rs = stmt.executeQuery(sql1);

    while(rs.next()){
        String name=rs.getString("username");
        loggedUname_lbl.setText("You are Logged in as : "+name);
   }

*uname is the text given by the user as the username in the Login page.

why do you want to get the username out of the database if you already know it? — tagtraeumer, Jul 10 '15 at 06:29
Is your code inside while runs? Is there any exception? What happens when your code runs? — Aakash, Jul 10 '15 at 06:30
Bad idea to create a login mechanism with like instead of equals — Zelldon, Jul 10 '15 at 06:56
@tenten, you use the commented query and the commented pstmt.setString(1, uname); for an exact match. — Kalyan Chavali, Jul 10 '15 at 06:59

score 1 · Answer 1 · edited May 23 '17 at 10:28

1

Try to use prepared statement and use the below query. If there is this username (uname) in table logininfo, it should be retrieved. It is always advisable to use prepared statements , it can prevent SQL Injection

How does prepared statement prevent SQL Injection

        public void showUsername() throws SQLException{

    PreparedStatement pstmt = null;

            String sql1 = "SELECT username FROM logininfo WHERE username LIKE ?" ;
  // String sql1 = "SELECT username FROM logininfo WHERE username = ?" ;
//Use above  query for an exact match 

            pstmt = conn.prepareStatement(sql1);
            pstmt.setString(1,  "%" + uname + "%");
           // pstmt.setString(1, uname); Use this for the exact match query

            rs = pstmt.executeQuery(sql1);

            while(rs.next()){
                String name=rs.getString("username");
                loggedUname_lbl.setText("You are Logged in as : "+name);
           }
        }

edited May 23 '17 at 10:28

Community

1
1

answered Jul 10 '15 at 06:37

Kalyan Chavali

1,220
7
24

Really? I want to impl. a login mechanism which checks the user name with like ? So i can login with the name 'ame' instead of 'name'?! Why should somebody ever want this ?! – Zelldon Jul 10 '15 at 06:51
Not sure ;) , @tenten wanted this . – Kalyan Chavali Jul 10 '15 at 06:53
You're right sorry to bother you i though i had the idea :D – Zelldon Jul 10 '15 at 06:55
@Kalyan Chavali that is not I wanted :( – tenten Jul 10 '15 at 06:56
The changed query in comments ? Not that as well ? What do you need then ? – Kalyan Chavali Jul 10 '15 at 06:57
@Kalyan Chavali no no that is helpful thanks.. before I done a mistake using LIKE ..I realized that and corrected it :) – tenten Jul 10 '15 at 07:01
Also please prefer prepared statements to normal statement. This prevents SQL Injection. And maybe if you can vote and accept my answer, it would be cool :) – Kalyan Chavali Jul 10 '15 at 07:03

score 0 · Answer 2 · answered Jul 10 '15 at 07:10

0

If you look at your database query, it does not make any sense. You select what you already know!

This is all you need to solve your problem:

public void showUsername() {
    loggedUname_lbl.setText("You are logged in as: " + uname);
}

answered Jul 10 '15 at 07:10

Mathias Begert

2,034
1
12
26

Logged as user statement in Java

2 Answers2