
I'm getting the error in the first line, I guess! Please help me out in dealing with it. I'm basically trying to execute a query through my front end.

try {
    // Query as posted: this is the line that raises the SQLException
    ResultSet rs = st.executeQuery("select *from Login Username ='" + username + "' and Password  '" + password + "'");
    rs.last();
    int counter = rs.getRow();
    if (counter == 1) {
        JOptionPane.showMessageDialog(null, "Username and Password Correct", "Username and Password Correct", JOptionPane.INFORMATION_MESSAGE);

        this.setVisible(false);
        new Menu().setVisible(true);
        hide();
    } else {
        jt_username.setText("");
        jp_password.setText("");
        JOptionPane.showMessageDialog(null, "Error", "Username and Password Incorrect", JOptionPane.INFORMATION_MESSAGE);
    }
}
catch (SQLException ex) {
    JOptionPane.showMessageDialog(null, ex);
}
  • I've replaced my code with a WHERE statement, but now it's showing this: com.microsoft.sqlserver.jdbc.SQLServerException: incorrect syntax near ". Commented Dec 28, 2013 at 19:14
  • There are four things wrong that I can see. (1) You shouldn't store passwords in plain text; hash them. (2) Missing WHERE between Login and Username. (3) Missing an = after Password. (4) Vulnerable to SQL injection. Use parameterised queries. Commented Dec 28, 2013 at 19:36
  • Thank you very much for your help. I've sorted out the error and now it's working perfectly fine :) Commented Dec 28, 2013 at 19:45
  • If all you have done is fixed the syntax errors it is not working fine. It will break for passwords/user names containing single quotes. And this will also allow SQL injection allowing your login to be entirely bypassed (or worse). Commented Dec 28, 2013 at 19:47

1 Answer


Your SQL is missing the WHERE keyword. Try this on for size:

ResultSet rs=st.executeQuery("select * from Login WHERE Username ='"+username+"' and Password=  '"+password+"'");

1 Comment

Please show how to perform parameterised queries in your answer. There is no value in just fixing the trivial syntax errors.
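The comments above ask for two things the answer leaves out: a parameterised query instead of string concatenation, and hashed rather than plain-text passwords. The following is an added example written for this page; it is not the asker's or answerer's code. It assumes the Login table has columns Username, Salt and PasswordHash (the page only shows Username and Password), that a java.sql.Connection is already open (the same connection the asker's Statement st came from), and it uses the JDK's built-in PBKDF2WithHmacSHA256 for the hash.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    // PBKDF2 work factor and output size; raise ITERATIONS as hardware gets faster.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    // Returns true only if a row exists for username AND the supplied password
    // matches the stored hash. Column names (Salt, PasswordHash) are assumed.
    static boolean authenticate(Connection conn, String username, char[] password) throws SQLException {
        // The '?' placeholders are bound as data, never spliced into SQL text,
        // so a username containing a single quote (e.g. o'brien) is harmless.
        String sql = "SELECT Salt, PasswordHash FROM Login WHERE Username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                // rs.next() works on the default forward-only ResultSet; rs.last()
                // (as in the question) needs a scrollable one and can throw.
                if (!rs.next()) {
                    return false; // unknown user
                }
                byte[] salt = Base64.getDecoder().decode(rs.getString("Salt"));
                byte[] expected = Base64.getDecoder().decode(rs.getString("PasswordHash"));
                byte[] actual = pbkdf2(password, salt);
                // Constant-time comparison avoids leaking how many bytes matched.
                return MessageDigest.isEqual(expected, actual);
            }
        }
    }

    // Derives a fixed-length key from the password and salt.
    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            byte[] key = f.generateSecret(spec).getEncoded();
            spec.clearPassword(); // wipe the password copy held by the spec
            return key;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable in this JRE", e);
        }
    }

    // Used when creating a user or changing a password: stores salt and hash,
    // never the plain-text password. Also parameterised.
    static void storeUser(Connection conn, String username, char[] password) throws SQLException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String sql = "INSERT INTO Login (Username, Salt, PasswordHash) VALUES (?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, Base64.getEncoder().encodeToString(salt));
            ps.setString(3, Base64.getEncoder().encodeToString(pbkdf2(password, salt)));
            ps.executeUpdate();
        }
    }
}
```

In the asker's Swing code the call would be `if (LoginCheck.authenticate(conn, jt_username.getText(), jp_password.getPassword()))`; JPasswordField.getPassword() returns a char[] so the plain password never has to become an immutable String. Existing rows that still hold plain-text passwords need a one-off migration to salt and hash before this check will match them.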
