Re: Login Authentication against database...

[Miao, Franco CAWS:EX]

Title: Message

I understand the UserPassword field in database sever will show the exact character, is it possible to display **** ?   Franco   Franco-----Original Message----- From: Praveen Potineni [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 14, 2001 11:20 AM To: [EMAIL PROTECTED] Subject: Re: Login Authentication against database... That's exactly what i did. I got only one record and test if the user exist. Else it goes to login screen. But i still get the same error. Well i figured that i'm getting problem comparing the 2 strings... string coming out of database and the string entered by user. Can u check the code and suggest me on this... Thanks in advance Praveen      String sqlStr = "SELECT * FROM SAMM.UsersLogin WHERE UserLoginId = '"+username+"' AND UserPassword = '"+password+"'";    stmt = myConn.createStatement();    myResultSet = stmt.executeQuery(sqlStr);    if(myResultSet.next() == false)    {     log("resulset is null.");    }    else{     log("resultset is true");       String uid = myResultSet.getString("UserLoginId");     String upin = myResultSet.getString("UserPassword");       if ((username.equalsIgnoreCase(uid)) && (password.equalsIgnoreCase(upin))){       validUser = "true";     }     else{       validUser = "false";     }     log("validUser is : " +validUser);     }    myResultSet.close();    stmt.close();   }   catch(SQLException sqle){    //System.out.println("User Does not exist Exception: +sqle.toString()");    //log("DBObject.validUserExists: Exception: "+sqle.toString());   }   return validUser;  } ----- Original Message ----- From: Joe Cheng To: [EMAIL PROTECTED] Sent: Wednesday, November 14, 2001 1:45 PM Subject: Re: Login Authentication against database... Praveen-   It looks like your query is retrieving the whole set of users and then iterating in Java to see if any of them match the username/password the user entered.  Why would you do that, rather than simply:   SELECT * FROM users WHERE username = '<username entered by user>' AND password = '<password entered by user>';   and see if any rows are returned.  If there are no rows, the username and/or password was wrong.  This way you don't have to deal with so much data, making it potentially much faster and less memory intensive.   -jmc