Problem with a one-way structure


-1

Well, I made a method to change the password, where it does a select in the database to see if the login and password entered match those in the database:

    String sql = "SELECT id_usuario,nome,senha FROM usuario where login = ? and senha = ?";
    try {
        PreparedStatement stmt = con.prepareStatement(sql);
        stmt.setString(1, u.getLogin());
        stmt.setString(2, u.getSenha());
        ResultSet rs = stmt.executeQuery();

and then I did that check with an if:

        if (rs.next()){
            String update = "UPDATE usuario SET senha=? WHERE id_usuario = " +Sessao.getInstancia().getUsuario().getId()+ "";
            PreparedStatement stmt2 = con.prepareStatement(sql);
            stmt2.setString(1, u.getNovaSenha());
            ResultSet rs2 = stmt2.executeQuery();

            return true;
        }

to update the password if the id equals the id of the connected user. I debugged and checked that it is getting the user id normally, but it is giving this error:

GRAVE: null
java.sql.SQLException: No value specified for parameter 2

I know it has to do with structure, but I have no idea where I went wrong, and how and where would I close the connection with the database after that?

  • 2

    Why did you start writing the code the right way and then decide to open your application to SQL injection and be invaded?

  • I'm new to Java. I did it by trial and error, but I would close the connection again.

  • Could you give me a hand with how I would improve this? Or an easier way.

  • So start by learning the basics; guessing your way through things doesn't work out so well. Just now you tried to guess again, thinking that closing something will eliminate SQL injection. You will have serious problems trying to program this way; you have to understand everything that is happening in the code. Whatever you put in it without mastering what's there is already wrong, even if it works.

  • Was my mistake opening another connection? Could you help explain it better, and a way to resolve it?

  • Perhaps the best way is to update when login / password / id is equal to login password?

  • Read my first two comments; we are going in circles here.

  • I recommend: https://answall.com/q/172909/132

  • Edit the question and post the entire code of the method in question. I have the impression that without this you cannot answer the question satisfactorily.

  • Ah, and how do you get this variable con?

  • I also recommend: https://answall.com/q/2402/132

  • @Victorstafusa hey man, thanks, I have already solved it with a method; I get the con through the user class constructor:

  • ended up like this:

  • public Boolean changeSenha(User u){
        String sql = "UPDATE user SET password=? WHERE id_usuario = " +Sessao.getInstancia().getUsuario().getId()+" and login='"+Sessao.getInstancia().getUsuario().getLogin()+"' and password=?";
        try {
            PreparedStatement stmt = con.prepareStatement(sql);
            stmt.setString(1, u.getNovaSenha());
            stmt.setString(2, u.getSenha());
            stmt.execute();
            stmt.close();
            con.close();

  • will now be good?


1 answer

1


Dude, the ideal is for you to have a separate method for each thing you want to do, and not everything in one. For example, you can have a method for checking the user (returning a boolean), and another to change the password (which would receive an id as a parameter), and that's it!

    public boolean verificarUsuario(Usuario u) {
        String sql = "SELECT * FROM usuario WHERE nome = ?";
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = con.prepareStatement(sql);
            stmt.setString(1, u.getNome());
            rs = stmt.executeQuery();
            // next() returns false when no user matches, so getString() is never called on an empty result
            return rs.next() && rs.getString("senha").equals(u.getSenha());
        } catch (SQLException ex) {
            System.err.println("ERRO: " + ex);
            return false; // every code path must return a value
        } finally {
            ConnectionFactoryMySQL.closeConnection(con, stmt, rs);
        }
    }

and then have the password change method:

    public boolean updateUsuario(Usuario u) {
        String sql = "UPDATE usuario SET senha = ? WHERE nome = ?";
        PreparedStatement stmt = null;
        try {
            stmt = con.prepareStatement(sql);
            stmt.setString(1, u.getSenha());
            stmt.setString(2, u.getNome());
            stmt.executeUpdate();
            return true;
        } catch (SQLException ex) {
            System.err.println("ERRO: " + ex);
            return false;
        } finally {
            ConnectionFactoryMySQL.closeConnection(con, stmt);
        }
    }

  • Thanks man, I managed to do it with only one method, but it gave me some ideas for other functions of the program, thank you very much.
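
An added example, not code from the question or the answer: the password change written as a single parameterized UPDATE that binds the session user's id and the current password instead of concatenating them, and reports success from the affected-row count. The class name, method name and the `int` id type are assumptions; the table and column names are the ones in the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public final class PasswordChange {

    // Every value, including the session user's id, is bound as a parameter;
    // nothing is concatenated into the SQL text.
    private static final String UPDATE_SQL =
        "UPDATE usuario SET senha = ? WHERE id_usuario = ? AND senha = ?";

    private PasswordChange() { }

    /**
     * Changes the password only if currentPassword matches the stored value.
     * Assumptions: the caller owns `con` (opens and closes it elsewhere), and
     * userId is taken from the server-side session, not from user input.
     *
     * @return true when exactly one row was updated
     */
    public static boolean changePassword(Connection con, int userId,
                                         String currentPassword,
                                         String newPassword) throws SQLException {
        // try-with-resources closes the statement even if an exception is thrown.
        try (PreparedStatement stmt = con.prepareStatement(UPDATE_SQL)) {
            stmt.setString(1, newPassword);
            stmt.setInt(2, userId);
            stmt.setString(3, currentPassword);
            // executeUpdate() is the call for INSERT/UPDATE/DELETE and returns
            // the affected row count; executeQuery() is only for SELECT.
            int rows = stmt.executeUpdate();
            // 0 rows means a wrong current password or an unknown id. The check
            // and the write are one statement, so nothing can change in between.
            return rows == 1;
        }
    }
}
```

The `No value specified for parameter 2` error in the question comes from preparing `sql` (the two-placeholder SELECT) instead of `update` for `stmt2`, so only one of its two placeholders was set; a single statement removes that mix-up.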
