Problem with a one-way structure

Question

Problem with a one-way structure

Asked 5 years ago

Viewed 53 times

-1

Well I made a method to change password

where it does a select in the database to see if the login and password entered are equal in the database

String sql = "SELECT id_usuario,nome,senha FROM usuario where login = ? and senha = ?";
    try {
        PreparedStatement stmt = con.prepareStatement(sql);
        stmt.setString(1, u.getLogin());
        stmt.setString(2, u.getSenha());
        ResultSet rs = stmt.executeQuery();

and then I did that check with an if:

  if (rs.next()){
            String update = "UPDATE usuario SET senha=? WHERE id_usuario = " +Sessao.getInstancia().getUsuario().getId()+ "";
            PreparedStatement stmt2 = con.prepareStatement(sql);
            stmt2.setString(1, u.getNovaSenha());
            ResultSet rs2 = stmt2.executeQuery();

            return true;
        }

to update the password if id equals the id of the connected user I debugged and checked that it is getting the user id normally, but it is giving this error:

GRAVE: null
java.sql.SQLException: No value specified for parameter 2

I know it has to do with structure, but I have no idea where I went wrong and how and where I would close the connection with the comic dps of that?

2

Because you started doing the code the right way and then decided to open your application to have a SQL Injection and be invaded?

– Maniero

2019/06/17 at 17:26
I’m new in java I did it in the attempt, but I would close again the connection.

– Felipe

2019/06/17 at 17:28
Could you give me a hand how I would improve this? or an easier way.

– Felipe

2019/06/17 at 17:29
So start by learning the basics, doing the kick, trying to guess things don’t work out so well. Just now you tried to guess again, thinking that closing something will eliminate SQL Injection. You will have serious problems trying to programmer this way, you have to understand everything that is happening with the code. Whatever you put in it and don’t master what’s there, it’s already wrong, even if it works.

– Maniero

2019/06/17 at 17:36
My mistake was to open another connection? Could you help me explain better about it and a way to resolve ?

– Felipe

2019/06/17 at 17:42
Perhaps the best way is to update when login / password / id is equal to login password?

– Felipe

2019/06/17 at 17:44
Read my first two comments, let’s stay in circles here.

– Maniero

2019/06/17 at 18:03
I recommend: https://answall.com/q/172909/132

– Victor Stafusa

2019/06/17 at 19:33
Edit the question and post the entire code of the method in question. I have the impression that without this you cannot answer the question satisfactorily.

– Victor Stafusa

2019/06/17 at 19:36
Ah, and how do you get this variable con?

– Victor Stafusa

2019/06/17 at 19:37
I also recommend: https://answall.com/q/2402/132

– Victor Stafusa

2019/06/17 at 19:38
@Victorstafusa opa man vlw I have already solved with a method, I get the con through the user class constructor :

– Felipe

2019/06/17 at 20:06
ended up like this:

– Felipe

2019/06/17 at 20:06
public Boolean changeSenha(User u){ String sql = "UPDATE user SET password=? WHERE id_usuario = " +Sessao.getInstancia(). getUsuario(). getId()+" and login='"+Sessao.getInstancia(). getUsuario(). getLogin()+"' and password=?" ;
 try {
 PreparedStatement stmt = con.prepareStatement(sql);
 stmt.setString(1, u.getNovaSenha());
 stmt.setString(2, u.getSenha());
 stmt.execute();
 stmt.close();
 con.close();

– Felipe

2019/06/17 at 20:06
will now be good?

– Felipe

2019/06/17 at 20:06

Show 10 more comments

1 answer

Browser other questions tagged java jdbc

You are not signed in. Login or sign up in order to post.

by Jonathan CR • **673** points · Answer 1 · 2019-06-18T15:09:00+00:00

Dude, the ideal is for you to have methods for every thing you want to do separately and not all in one.. for example, you can have a method of checking user (return Boolean), and another to change password (which would receive as parameter an id) ready!

public boolean verificarUsuario(Usuario u) {
        String sql = "SELECT * FROM usuario WHERE nome = ?";
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            stmt = con.prepareStatement(sql);
            stmt.setString(1, u.getNome());
            rs = stmt.executeQuery();
            rs.first();
            return rs.getString("senha").equals(u.getSenha());
        } catch (SQLException ex) {
            System.err.println("ERRO: " + ex);
        } finally {
            ConnectionFactoryMySQL.closeConnection(con, stmt, rs);
        }
    }

and then have the password change method:

public boolean updateUsuario(Usuario u) {
        String sql = "UPDATE usuario SET senha = ? WHERE nome = ?";
        PreparedStatement stmt= null;
        try {
            stmt= con.prepareStatement(sql);
            stmt.setString(1, u.getSenha());
            stmt.setString(2, u.getNome());
            stmt.executeUpdate();
            return true;
        } catch (SQLException ex) {
            System.err.println("ERRO: " + ex);
            return false;
        }finally{
            ConnectionFactoryMySQL.closeConnection(con, stmt);
        }
    }