0

My DAOimpl

```java
session.beginTransaction();
String password = login_name.getLogin_password();
String username = login_name.getLogin_name();
Query query = session.createQuery("select login_id,login_name,login_password from Login where login_name='" + username + "' and login_password='" + password + "'");
return query.list();
```

This is the code, and I want to change it to use Criteria. I want to verify the username and password for my login table using Criteria; is there any possibility? I am using Hibernate for mapping and I am using Spring.

I also want to convert the list into JSON format.

I want to check the username and password in my service and return that list in JSON format. I checked a number of examples but I didn't get a clear idea about that.

Finally, I use the Query to check my username and password, return that list, and show it in my REST client.

But I want to show that in JSON. How can I do that?

Andrea
HHP
  • 2
    SQL Injection possible. Book scenario – Lukasz Szozda Oct 27 '15 at 13:43
  • Can you please explain it? Also, I want to list it in JSON format – HHP Oct 27 '15 at 13:45
  • 1
    As @lad2025 said, you are vulnerable to SQL Injection, use **prepared statements**. Also **never** store passwords as plain-text in your database - [hash](http://stackoverflow.com/a/2861125/3240813) them instead. So, hash the entered password and then compare with the one in the database. – Krenor Oct 27 '15 at 13:45
  • [SQL injection from wiki for starting point](https://en.wikipedia.org/wiki/SQL_injection#Incorrectly_filtered_escape_characters). A better way is to bind parameters – Lukasz Szozda Oct 27 '15 at 13:46
  • Is there any possibility to do that using criteria? – HHP Oct 27 '15 at 13:48
  • @hhp can you be more specific about what you mean by "using criteria"? – Krenor Oct 27 '15 at 13:51
  • That means while using criteria I am able to give the output in JSON format: `session.beginTransaction(); Criteria criteria = session.createCriteria(Login.class); return criteria.list();` which is used to save the data to the table using Hibernate mapping from JSON format – HHP Oct 27 '15 at 14:08

2 Answers

0

I guess OP is asking for a prepared statement, so I don't understand why everybody comments about SQL injection.

Since I am not a Java or Hibernate expert, here is my approach:

```java
session.beginTransaction();
String password = login_name.getLogin_password();
String username = login_name.getLogin_name();
// Named parameters (:username, :password) are bound by Hibernate,
// so the values are never concatenated into the HQL string.
Query query = session.createQuery("select login_id,login_name,login_password from Login where login_name = :username and login_password = :password");
query.setParameter("username", username);
query.setParameter("password", password);
return query.list();
```
Alex
0

You have to add the Jackson library to your pom.xml. Then you can convert to JSON as follows:

```java
String json = new ObjectMapper().writeValueAsString(list);
```

It automatically converts to JSON format.

Vasim Akram
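An added example, not part of the question or either answer: the login check written with the Hibernate Criteria API the question asks about, combined with the hashed-password comparison suggested in the comments and a Jackson JSON response that leaves the password out. Assumptions: the class name `LoginCheckDao` and the getter `getLogin_id()` are hypothetical, `Login` is the mapped entity from the question with properties `login_id`, `login_name` (unique) and `login_password` (holding a bcrypt hash), and the legacy Criteria API (deprecated since Hibernate 5.2), spring-security-crypto and Jackson 2 are on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

// Hypothetical DAO; Login is the application's mapped entity (assumed, see lead-in).
public class LoginCheckDao {

    private static final BCryptPasswordEncoder ENCODER = new BCryptPasswordEncoder();
    private static final ObjectMapper MAPPER = new ObjectMapper();
    // Hash compared against when the user does not exist, so that unknown
    // and known usernames cost roughly the same amount of work.
    private static final String DUMMY_HASH = ENCODER.encode("placeholder-not-a-real-password");

    /**
     * Returns a JSON object describing the login, or null when the
     * username/password pair does not match.
     */
    public String authenticate(Session session, String username, String rawPassword)
            throws JsonProcessingException {
        // Restrictions.eq binds the value as a query parameter; the username
        // is never concatenated into the generated SQL.
        Criteria criteria = session.createCriteria(Login.class)
                .add(Restrictions.eq("login_name", username));
        Login login = (Login) criteria.uniqueResult();

        // Compare the entered password with the stored bcrypt hash
        // instead of putting the password into the WHERE clause.
        String storedHash = (login != null) ? login.getLogin_password() : DUMMY_HASH;
        boolean matches = ENCODER.matches(rawPassword, storedHash);
        if (login == null || !matches) {
            return null;
        }

        // Serialize only the fields the client needs; the hash stays server-side.
        Map<String, Object> view = new LinkedHashMap<>();
        view.put("login_id", login.getLogin_id());
        view.put("login_name", login.getLogin_name());
        return MAPPER.writeValueAsString(view);
    }
}
```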