<p>So many things wrong with this... :-/</p>
<ol>
<li>The big one - <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow noreferrer">SQL Injection</a>. Don't write another line of SQL in your code until you understand it. And that's not an exaggeration for effect; code written without understanding of this is likely to give an attacker arbitrary access to your database.</li>
<li>You shouldn't be able to issue a query like this because you should never store passwords in plaintext. Instead, you should calculate and store some kind of (preferably salted) hash of the password, and then hash the submitted password and compare this. See, for example, <a href="https://stackoverflow.com/questions/947618/how-to-best-store-user-information-and-user-login-and-password">How to best store user login and password</a> and <a href="https://stackoverflow.com/questions/674904/salting-your-password-best-practices">Salting your password</a> here on SO. This is <strong>especially</strong> bad given your SQL injection vulnerability.</li>
<li><code>select * from reg</code> is unnecessary given that you just want to know if a row exists. If you used <code>select 1</code> instead the database wouldn't have to inspect the contents of the row and could serve the query results from just the index. If you expected there to be lots of rows, <code>select 1 where exists ...</code> would be faster as this would allow the DB to short-circuit the query after finding at least one row.</li>
<li>You're not closing the statement and result set in <code>finally</code> blocks. This means that they are not guaranteed to always be disposed (e.g. if there's a <code>SQLException</code> thrown) leading to resource and connection leaks.</li>
</ol>
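The four points above applied to one login check, as an added example that is not part of the original answer or the asker's code. The table name `reg` comes from the answer; the column names `username`, `pw_salt` and `pw_hash`, the class name, the PBKDF2 choice and the iteration count are assumptions, and the caller supplies an open JDBC `Connection`.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class LoginCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    private static final int KEY_BITS = 256;

    /** Salted, deliberately slow hash; the hash and the per-user salt are what get stored. */
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // do not leave the password copy in the key spec
        }
    }

    /** True only if the user exists and the submitted password matches the stored hash. */
    static boolean authenticate(Connection con, String user, char[] password)
            throws SQLException, GeneralSecurityException {
        // Bound parameter: the user name travels as data and is never spliced into the SQL text.
        // Only the two columns needed are selected (column names are assumptions).
        String sql = "SELECT pw_salt, pw_hash FROM reg WHERE username = ?";
        // try-with-resources closes the ResultSet and the statement even when an
        // SQLException is thrown, which is what the finally blocks were needed for.
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false; // unknown user
                }
                byte[] expected = rs.getBytes("pw_hash");
                byte[] actual = hash(password, rs.getBytes("pw_salt"));
                // Constant-time comparison, so timing does not reveal how many bytes matched.
                return MessageDigest.isEqual(expected, actual);
            }
        }
    }
}
```

The password is never part of the query, so the comparison happens in application code against the stored hash rather than in a `WHERE` clause.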
 
