* @author yawar.saeed
*/
import java.sql.Connection;
+import java.sql.PreparedStatement;
import java.sql.ResultSet;
-import java.sql.Statement;
public class udac {
// preparing some objects for connection
Connection currentCon = null;
ResultSet rs = null;
- Statement stmt = null;
+ PreparedStatement stmt = null;
String epass = null;
String name = null;
String user_id = null;
} catch (Exception e) {
System.out.println(e);
}
- String searchQuery = "SELECT a.USER_ID,a.NAME, a.BRANCH_CODE, a.PASSWORD, a.LAST_LOGIN_DATE, a.ROLE_ID, b.ROLE_DESC FROM LOGIN_INFORMATION a, ROLES b WHERE a.ACTIVE = 'A' AND a.ROLE_ID = b.ROLE_ID ";
- searchQuery = searchQuery + "AND LOWER(a.USER_ID) = LOWER('" + userId
- + "') AND a.PASSWORD = '" + epass + "'";
+ String searchQuery = "SELECT a.USER_ID,a.NAME, a.BRANCH_CODE, a.PASSWORD, a.LAST_LOGIN_DATE, a.ROLE_ID, b.ROLE_DESC FROM LOGIN_INFORMATION a, ROLES b WHERE a.ACTIVE = 'A' AND a.ROLE_ID = b.ROLE_ID "
+ + "AND LOWER(a.USER_ID) = LOWER(?) AND a.PASSWORD = ?";
try {
// connect to DB
currentCon = connectionmanager.scgm_conn();
- stmt = currentCon.createStatement();
+ stmt = currentCon.prepareStatement(searchQuery);
+ stmt.setString(1, userId);
+ stmt.setString(2, epass);
rs = stmt.executeQuery(searchQuery);
- boolean hasdata = false;
while (rs.next()) {
UserBean user = new UserBean();
- hasdata = true;
name = rs.getString("NAME");
user_id = rs.getString("USER_ID");
branch_code = rs.getString("BRANCH_CODE");
user.setValid(true);
return user;
}
- if (!hasdata) {
- System.out
- .println("Sorry, you are not a registered user! Please sign up first "
- + searchQuery);
- }
+ System.out
+ .println("Sorry, you are not a registered user! Please sign up first "
+ + searchQuery);
} catch (Exception ex) {
System.out.println("Log In failed: An Exception has occurred! "
+ ex);
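Review bot: `rs = stmt.executeQuery(searchQuery);`, just after the two `setString` calls, still uses the String-argument overload that belongs to `Statement`; on a `PreparedStatement` the JDBC contract has `executeQuery(String)` throw `SQLException`, and a driver that tolerated it would execute the text with the `?` markers unbound instead of the values just set. The line should be the no-argument form, `rs = stmt.executeQuery();`. As written, the exception lands in the `catch (Exception ex)` below and is printed as "Log In failed", so every login attempt would look like a rejected credential rather than a broken query. The try block's catch, and whatever finally closes `rs`, `stmt` and `currentCon`, continue outside the hunk; the `return user` inside the `while` still leaves the statement and result set open on the success path, which try-with-resources on the newly prepared statement would close.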