This Java code attempts to establish a connection to a MySQL database and verify user credentials. However, there are several errors in the code that need to be addressed:
-
ClassNotFoundException for MySQL Driver Manager: In the
conectarBD()method, the lineClass.forName("com.mysql.Driver.Manager").newInstance();is incorrect. The correct class name for MySQL driver manager iscom.mysql.jdbc.Driver, notcom.mysql.Driver.Manager. This line should be changed to:Class.forName("com.mysql.jdbc.Driver");
-
SQL Injection Vulnerability: In the
verificarUsuario()method, the SQL query is concatenated using string manipulation. This is vulnerable to SQL injection attacks. It's recommended to use parameterized queries instead to prevent such vulnerabilities. The corrected SQL query should look like:sql += "select nome from usuarios "; sql +="where login = ? and senha = ?";
And then set the parameters using
PreparedStatement:PreparedStatement st = conn.prepareStatement(sql); st.setString(1, usuario); st.setString(2, senha);
-
Variable Naming Error: In the
verificarUsuario()method, the parameters are namedusuarioandsenha, but the SQL query is trying to use variables namedloginandsenha. It seems there is a variable naming inconsistency. You should use the correct variable names in the SQL query. -
Resource Management: The code lacks proper resource management for the database connections, statements, and result sets. It's important to close these resources properly after their use to avoid resource leaks. This can be done using try-with-resources statement in Java.
By addressing these errors, the code will be more secure, maintainable, and less prone to bugs.