Solved Issue SQL equals String

Discussion in 'Spigot Plugin Development' started by GeraldFrito, May 4, 2021.

Thread Status:
Not open for further replies.
  1. I had a method that checks from Database if player's name is exists. The problem is that if I join to the server with "geraldfrito" and I'm registered on Database as "GeraldFrito", it return true what it has to be the opposite.

    What could it be the problem?

    The variable "nickname" has the value "geraldfrito". In database the nickname is "GeraldFrito".
    Code (Java):
    public static boolean exists(String nickname) {
            try {
                ps = connection.prepareStatement("SELECT * FROM user_accounts WHERE nickname='" + nickname + "'");
                ResultSet rs = ps.executeQuery();
                boolean result = (rs.next());
                ps.close();
                return result;
            } catch (SQLException e) {
                e.printStackTrace();
            }
            return false;
        }
    From another class, I use a conditional like: "if(exists(player#getName()))...".
     
  2. That's actually troublesome, but not in your case. It's bad practice to allow people with differently capitalised usernames join the server, or even websites and so on.

    Anyways, try to use UUIDs instead of nicknames, maybe that's gonna be a solution?
     
  3. Strahan

    Benefactor

    Wait, so you want it to be case sensitive? Because by default, if you join as geraldfrito and GeraldFrito is in the DB, it should be returning true. If you want geraldfrito to return false, you need to throw "BINARY" before the name of the column.

    Also, that is not how you use a PreparedStatement. That is vulnerable to SQL injection, though the odds of an exploit in this particular usage would be incredibly unlikely. Still best to stay in the habit of doing things the right way:
    Code (Text):
    ps = connection.prepareStatement("SELECT * FROM user_accounts WHERE nickname = ?");
    ps.setString(1, nickname);
    ResultSet rs = ps.executeQuery();
     
  4. I understand you (both). But whiy Minecraft detect "GeraldFrito" and "geraldfrito" as different player data. I mean, I join to my server as "GeraldFrito" and I have my inventory. When I join as "geraldfrito", I don't have mine (inventory). Any solution?
     
  5. I read a little bit more about offline mode. How can I set when player join (no matter if he has the name in case sensitive or not) set the player data linked by its UUID (I mean the one is saved in "playerdata") and it has the inventory? Is it possible?
     
  6. If you're using MySQL set your table collation to "utf8_bin", because default ones are case insensitive.
    Also its 2021 you shouldn't use names to store anything in database anyway.
     
  7. Thanks for your help guys. I appreciate.
     
Thread Status:
Not open for further replies.