From 735e22b1fa27610746bccf2bbef474713589969f Mon Sep 17 00:00:00 2001 From: Felix Schumacher Date: Thu, 26 Aug 2010 22:34:31 +0200 Subject: [PATCH] correct usage of prepared statement --- src/org/mcb/services/udac.java | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/org/mcb/services/udac.java b/src/org/mcb/services/udac.java index afe59e6..3a8e7da 100644 --- a/src/org/mcb/services/udac.java +++ b/src/org/mcb/services/udac.java @@ -7,6 +7,7 @@ package org.mcb.services; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; +import java.util.logging.Logger; public class udac { @@ -33,15 +34,19 @@ public class udac { } catch (Exception e) { System.out.println(e); } - String searchQuery = "SELECT a.USER_ID,a.NAME, a.BRANCH_CODE, a.PASSWORD, a.LAST_LOGIN_DATE, a.ROLE_ID, b.ROLE_DESC FROM LOGIN_INFORMATION a, ROLES b WHERE a.ACTIVE = 'A' AND a.ROLE_ID = b.ROLE_ID " - + "AND LOWER(a.USER_ID) = LOWER(?) AND a.PASSWORD = ?"; + String searchQuery = "SELECT a.USER_ID, a.NAME, a.BRANCH_CODE, a.PASSWORD, a.LAST_LOGIN_DATE, a.ROLE_ID, b.ROLE_DESC" + + " FROM LOGIN_INFORMATION a, ROLES b" + + " WHERE a.ACTIVE = 'A'" + + " AND a.ROLE_ID = b.ROLE_ID" + + " AND LOWER(a.USER_ID) = LOWER(?)" + " AND a.PASSWORD = ?"; try { // connect to DB currentCon = connectionmanager.scgm_conn(); stmt = currentCon.prepareStatement(searchQuery); stmt.setString(1, userId); stmt.setString(2, epass); - rs = stmt.executeQuery(searchQuery); + stmt.execute(); + rs = stmt.getResultSet(); while (rs.next()) { UserBean user = new UserBean(); name = rs.getString("NAME"); 
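Review bot: The rewritten query still authenticates with `AND a.PASSWORD = ?` and keeps `a.PASSWORD` in the select list, which only works if `epass` is a deterministic value (plaintext, reversible encryption or an unsalted digest); how `epass` is derived is outside this hunk, so this is inferred. If that is the case, the safer shape is to look the row up by `USER_ID` alone and verify the stored value in Java with a salted password-hashing scheme, and to drop `a.PASSWORD` from the select list unless a later line needs it. Separately, `stmt.execute(); rs = stmt.getResultSet();` can be the single call `rs = stmt.executeQuery();`, the no-argument form meant for a SELECT on a `PreparedStatement`. The enclosing method starts and ends outside the hunk, so whether `rs`, `stmt` and `currentCon` are closed in the `finally` cannot be confirmed from here.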
@@ -63,8 +68,9 @@ public class udac { .println("Sorry, you are not a registered user! Please sign up first " + searchQuery); } catch (Exception ex) { - System.out.println("Log In failed: An Exception has occurred! " - + ex); + Logger.getLogger(this.getClass().getCanonicalName()).severe( + "Log in failed"); + ex.printStackTrace(); } // some exception handling finally { -- 2.11.0
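Review bot: In the new catch block the failure is split between the logger and `ex.printStackTrace()`, so the stack trace goes to standard error and is not attached to the "Log in failed" record or governed by the logger's handlers and level. Passing the throwable to the logger keeps them together: `Logger.getLogger(udac.class.getName()).log(Level.SEVERE, "Log in failed", ex);`, which also needs `import java.util.logging.Level;`. `getCanonicalName()` can return null for anonymous or local classes, which `getName()` avoids. The context line above the catch still appends `searchQuery` to the not-registered message; with a parameterised statement that exposes only the SQL text, but it would be better sent to the same logger at a debug level than printed. The method body continues outside the hunk.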