2

I am developing a basic program that has 3 JFrames. A log-in, a registration and a Dashboard to be opened after successful log-in attempt. However, I am getting an error after typing in the username and password and clicking log-in button.

Here's the error:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' password='1234'' at line 1

And here's my code:

import java.awt.BorderLayout;
import java.awt.EventQueue;

import javax.swing.JFrame;
import javax.swing.JPanel;
import javax.swing.border.EmptyBorder;

import com.mysql.jdbc.Statement;

import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.ImageIcon;
import java.awt.Font;
import javax.swing.JTextField;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.awt.event.ActionEvent;

public class Login extends JFrame {

private JPanel contentPane;
private JTextField txtUsrName;
private JTextField txtPAss;

/**
 * Launch the application.
 */
public static void main(String[] args) {
    EventQueue.invokeLater(new Runnable() {
        public void run() {
            try {
                Login frame = new Login();
                frame.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    });
}

/**
 * Create the frame.
 */
public Login() {
    setDefaultCloseOperation(JFrame.HIDE_ON_CLOSE);
    setBounds(100, 100, 450, 348);
    contentPane = new JPanel();
    contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
    setContentPane(contentPane);
    contentPane.setLayout(null);

    JLabel lblLogin = new JLabel("Welcome To TechApp");
    lblLogin.setFont(new Font("Tekton Pro", Font.PLAIN, 18));
    lblLogin.setBounds(135, 19, 163, 28);
    contentPane.add(lblLogin);

    JLabel lblUsername = new JLabel("UserName:");
    lblUsername.setFont(new Font("Alaska", Font.PLAIN, 15));
    lblUsername.setBounds(174, 58, 88, 28);
    contentPane.add(lblUsername);

    txtUsrName = new JTextField();
    txtUsrName.setBounds(145, 90, 132, 20);
    contentPane.add(txtUsrName);
    txtUsrName.setColumns(10);

    JLabel lblPassword = new JLabel("Password:");
    lblPassword.setFont(new Font("Alaska", Font.PLAIN, 15));
    lblPassword.setBounds(182, 118, 95, 46);
    contentPane.add(lblPassword);

    txtPAss = new JTextField();
    txtPAss.setColumns(10);
    txtPAss.setBounds(145, 156, 132, 20);
    contentPane.add(txtPAss);

    JButton btnNewButton = new JButton("login");
    btnNewButton.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent e) {


            String _username = txtUsrName.getText();
            String _password = txtPAss.getText();
            String url = "jdbc:mysql://127.0.0.1:3306/javabase";
            String user = "java";
            String passw = "password";

            try{
                // 1.Get a connection To Database
                Connection myConn = DriverManager.getConnection(url, user, passw);

                // 2.Create a statement
                Statement myStmt = (Statement) myConn.createStatement();

                // 3.Execute SQL Query
                String sql = "SELECT userame, password FROM registration WHERE userame='"+_username+"', password='"+_password+"' ";
                ResultSet result = myStmt.executeQuery(sql);
                //myStmt.executeUpdate(sql);

                int count = 0;
                while(result.next()){
                    count = count + 1;
                }
                if(count == 1){
                    Dashboard frame = new Dashboard();
                    frame.setVisible(true);
                }
                else if(count > 1){
                    JOptionPane.showMessageDialog(null, "Duplicate User! Access Denied!");
                }
                else{
                    JOptionPane.showMessageDialog(null, "User Not Found!");
                }


            }
            catch(Exception ex)
            {
                ex.printStackTrace();
            }





        }
    });
    btnNewButton.setBounds(169, 202, 89, 49);
    contentPane.add(btnNewButton);

    JButton btnRegister = new JButton("Register");
    btnRegister.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent e) {
            Main frame = new Main();
            frame.setVisible(true);
        }
    });
    btnRegister.setBounds(168, 264, 89, 23);
    contentPane.add(btnRegister);

    JLabel lblNewLabel = new JLabel("");
    lblNewLabel.setFont(new Font("Alaska", Font.PLAIN, 16));
    lblNewLabel.setIcon(new ImageIcon("D:\\ExploitGate\\MAS-9831-Offwhite2.jpg"));
    lblNewLabel.setBounds(0, 0, 434, 310);
    contentPane.add(lblNewLabel);
}
}

I've searched the stackoverflow forum and carried out the possible solution given here Can anyone please guide me how to handle this error? Thanks In Advance :)

Improve this question
1
  • I think you need to use password='"+_password+"'' "; rather than password='"+_password+"' "; -- notice the lack of a closing ' character at the end of the "password" value. Commented Jul 25, 2016 at 19:07

2 Answers 2

Reset to default
4

All of the above code is basically useless. It's an SQL syntax error, which means it's this one line:

... WHERE userame='"+_username+"', password='"+_password+"' ";
                                 ^---

you don't use , to separate where clause arguments. You use boolean operations. and, or, etc...

And note that you're vulnerable to sql injection attacks

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, I know, I am have just learned Database connectivity in Java. So now I will focus on the security stuff. Thanks tho :)
1

You were using a comma , between your WHERE clauses rather than an AND.

String sql = "SELECT userame, password FROM registration WHERE userame='"+_username+"' AND password='"+_password+"' ";

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.