Aside from what Jonathan says about the missing result.moveToFirst() call:

*Problem 1:*

It looks like you are mixing client with server code. It makes little sense 
to me why you want user authentication in your Android application. But 
maybe you're trying to create something like a web server that runs on 
Android.

*Problem 2:*

You don't use a prepared statement for your query. What if your user enters 
the name: 

' OR 1=1; --

That's a login without correct credentials. Your string concatenation gets 
you the following query:

SELECT user,password FROM user WHERE user='' OR 1=1; --'AND password=''

If you use the following query instead, you can avoid this problem:

db.rawQuery("SELECT count(*) FROM user WHERE user=? AND password=?", new String[] {user, password});

I also changed the projection in that SELECT query because it is kind of 
redundant to query data you already know.
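As an added illustration (not code from this thread), the same two queries run against SQLite through Python's sqlite3 module, which is the engine behind Android's SQLiteDatabase; the user table and its rows are constructed here, and the tuple passed to execute() plays the role of rawQuery's selectionArgs:

```python
import sqlite3


def make_db():
    # Constructed sample schema mirroring the post: one user, plaintext password column
    # (kept as in the thread to stay on point; not a recommendation).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES ('alice', 's3cret')")
    return conn


def login_concat(conn, user, password):
    """Vulnerable: builds the statement by string concatenation, as the original code did.

    The input `' OR 1=1; --` turns the WHERE clause into `user='' OR 1=1`
    and comments out the password check, so count(*) is 1 and login succeeds.
    """
    sql = ("SELECT count(*) FROM user WHERE user='" + user
           + "' AND password='" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn, user, password):
    """Hardened: '?' placeholders; values are bound, never parsed as SQL.

    Equivalent to db.rawQuery(sql, new String[] {user, password}) on Android:
    the same injected text is simply compared, literally, against the user column.
    """
    sql = "SELECT count(*) FROM user WHERE user=? AND password=?"
    return conn.execute(sql, (user, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    injected = "' OR 1=1; --"
    print("concat, valid creds  :", login_concat(db, "alice", "s3cret"))
    print("concat, injected name:", login_concat(db, injected, ""))
    print("param,  valid creds  :", login_param(db, "alice", "s3cret"))
    print("param,  injected name:", login_param(db, injected, ""))
```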



On Saturday, December 8, 2012 1:10:11 AM UTC-6, laxman k wrote:
