Postgresql error: Column does not exist when loging in with Spring
Postgresql error: Column does not exist when loging in with Spring
好的登录过程,使用静态值而不是来自它正在工作的数据库。当我尝试使用数据库执行此操作时,问题就开始了。我曾多次尝试更改此查询,但一无所获。
好的,如果我的数据库中有用户 :gabrysia,例如密码 gabrysia999999。我遇到这样的错误:org.postgresql.util.PSQLException:错误:列 "gabrysia999999" 不存在。
.
如果需要,我可以显示 web.xml、root-context 或其他文件。
<!!!!!!!! LogonFormController Class !!!!!!!!!!! >
@RequestMapping(value = "/logonForm.html", method = RequestMethod.POST)
protected String onSubmit(HttpServletRequest request,
HttpServletResponse response, @Valid LogonCommand logon,
BindingResult errors, HttpSession session) throws Exception {
int cookieLife = 60000;
boolean value = true;
List<Register> register = rsi.booleancheckUser(logon.getLogin(),
logon.getPassword());
for (Register Register : register) {
if (Register.getUsername().equalsIgnoreCase(logon.getLogin())
&& (Register.getPassword().equals(logon.getPassword()))) {
value = false;
}
}
if (errors.hasErrors()) {
return "logonForm";
} else if (value = true) {
// wykorzystanie mechanizmĂłw logowania. Koniec z uĹĽyciem
// System.out
log.error("no user like login='" + logon.getLogin()
+ "', password='" + logon.getPassword() + "'");
// Nie tylko walidator może umieszczać opisy błędów w obiekcie
// typu BindException
errors.rejectValue("login", null,
"no user like this loginie or pass");
return "logonForm";
} else {
log.info("user logged");
if (logon.isRemember()) {
log.info("remember user in cookie");
Cookie c1 = new Cookie("login", logon.getLogin());
c1.setMaxAge(cookieLife);
response.addCookie(c1);
} else {
Cookie c1 = new Cookie("login", null);
c1.setMaxAge(0);
response.addCookie(c1);
}
session.setAttribute("logInSession", logon);
return "redirect:/";
}
}
//operation to take from database login and pass
package app.Spring.dao;
import java.util.List;
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.SessionAttributes;
import app.Spring.domain.Register;
@SessionAttributes(value = { "register" })
public class RegisterServiceImpl implements RegisterService {
protected final Logger log = LoggerFactory.getLogger(getClass());
protected SessionFactory sessionFactory;
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
public void add(Register user) {
sessionFactory.getCurrentSession().saveOrUpdate(user);
sessionFactory.getCurrentSession().flush();
}
@Override
public List<Register> booleancheckUser(String login, String password) {
// Ta funkcja oczywiście powinna korzystać z bazy
String hqlQuery = "FROM " + Register.class.getName()
+ " v WHERE v.username='" + login + "' AND v.password="
+ password;
Query query = sessionFactory.getCurrentSession().createQuery(hqlQuery);
return (List<Register>) query.list();
}
//Register Class
package app.Spring.domain;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="register")
public class Register implements Serializable {
/**
*
*/
private static final long serialVersionUID = 1L;
private Long user_id;
private String username;
private String password;
public Register() {
}
@Id
@GeneratedValue
@Column(name="user_id")
public Long getId() {
return user_id;
}
public void setId(Long user_id) {
this.user_id = user_id;
}
@Column(name="username")
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(name="password")
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
}
在生成的 HQL 中,您的密码周围缺少单引号,即您正在生成此 HQL
FROM Register v WHERE v.username='gabrysia' AND v.password=gabrysia999999
应该是这样的:
FROM Register v WHERE v.username='gabrysia' AND v.password='gabrysia999999'
错误是因为它将未引用的值 gabrysia999999
视为列
更新
我在提问时回答了这个问题,但应该注意其他评论者提到你应该使用防止 SQL 注入的语义
您应该在查询中添加参数以防止各种问题,包括 SQL 注入。
String hqlQuery = "FROM " + Register.class.getName()
+ " v WHERE v.username=:login AND v.password=:password";
Query query = sessionFactory.getCurrentSession()
.createQuery(hqlQuery)
.setParameter("login", login)
.setParameter("password", password);
return (List<Register>) query.list();
您可以阅读更多内容here。
好的登录过程,使用静态值而不是来自它正在工作的数据库。当我尝试使用数据库执行此操作时,问题就开始了。我曾多次尝试更改此查询,但一无所获。
好的,如果我的数据库中有用户 :gabrysia,例如密码 gabrysia999999。我遇到这样的错误:org.postgresql.util.PSQLException:错误:列 "gabrysia999999" 不存在。 . 如果需要,我可以显示 web.xml、root-context 或其他文件。
<!!!!!!!! LogonFormController Class !!!!!!!!!!! >
@RequestMapping(value = "/logonForm.html", method = RequestMethod.POST)
protected String onSubmit(HttpServletRequest request,
HttpServletResponse response, @Valid LogonCommand logon,
BindingResult errors, HttpSession session) throws Exception {
int cookieLife = 60000;
boolean value = true;
List<Register> register = rsi.booleancheckUser(logon.getLogin(),
logon.getPassword());
for (Register Register : register) {
if (Register.getUsername().equalsIgnoreCase(logon.getLogin())
&& (Register.getPassword().equals(logon.getPassword()))) {
value = false;
}
}
if (errors.hasErrors()) {
return "logonForm";
} else if (value = true) {
// wykorzystanie mechanizmĂłw logowania. Koniec z uĹĽyciem
// System.out
log.error("no user like login='" + logon.getLogin()
+ "', password='" + logon.getPassword() + "'");
// Nie tylko walidator może umieszczać opisy błędów w obiekcie
// typu BindException
errors.rejectValue("login", null,
"no user like this loginie or pass");
return "logonForm";
} else {
log.info("user logged");
if (logon.isRemember()) {
log.info("remember user in cookie");
Cookie c1 = new Cookie("login", logon.getLogin());
c1.setMaxAge(cookieLife);
response.addCookie(c1);
} else {
Cookie c1 = new Cookie("login", null);
c1.setMaxAge(0);
response.addCookie(c1);
}
session.setAttribute("logInSession", logon);
return "redirect:/";
}
}
//operation to take from database login and pass
package app.Spring.dao;
import java.util.List;
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.SessionAttributes;
import app.Spring.domain.Register;
@SessionAttributes(value = { "register" })
public class RegisterServiceImpl implements RegisterService {
protected final Logger log = LoggerFactory.getLogger(getClass());
protected SessionFactory sessionFactory;
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
public void add(Register user) {
sessionFactory.getCurrentSession().saveOrUpdate(user);
sessionFactory.getCurrentSession().flush();
}
@Override
public List<Register> booleancheckUser(String login, String password) {
// Ta funkcja oczywiście powinna korzystać z bazy
String hqlQuery = "FROM " + Register.class.getName()
+ " v WHERE v.username='" + login + "' AND v.password="
+ password;
Query query = sessionFactory.getCurrentSession().createQuery(hqlQuery);
return (List<Register>) query.list();
}
//Register Class
package app.Spring.domain;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="register")
public class Register implements Serializable {
/**
*
*/
private static final long serialVersionUID = 1L;
private Long user_id;
private String username;
private String password;
public Register() {
}
@Id
@GeneratedValue
@Column(name="user_id")
public Long getId() {
return user_id;
}
public void setId(Long user_id) {
this.user_id = user_id;
}
@Column(name="username")
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(name="password")
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
} }
在生成的 HQL 中,您的密码周围缺少单引号,即您正在生成此 HQL
FROM Register v WHERE v.username='gabrysia' AND v.password=gabrysia999999
应该是这样的:
FROM Register v WHERE v.username='gabrysia' AND v.password='gabrysia999999'
错误是因为它将未引用的值 gabrysia999999
视为列
更新
我在提问时回答了这个问题,但应该注意其他评论者提到你应该使用防止 SQL 注入的语义
您应该在查询中添加参数以防止各种问题,包括 SQL 注入。
String hqlQuery = "FROM " + Register.class.getName()
+ " v WHERE v.username=:login AND v.password=:password";
Query query = sessionFactory.getCurrentSession()
.createQuery(hqlQuery)
.setParameter("login", login)
.setParameter("password", password);
return (List<Register>) query.list();
您可以阅读更多内容here。