2

I'm currently having an issue with my SQLite database in Android. When I try to run a comparison I get the following error: Caused by: android.database.sqlite.SQLiteException: near "@hotmail": syntax error: , while compiling: SELECT DISTINCT _id, userName, password FROM userTable WHERE [email protected] password=shshsh

My search is:

public boolean getUserNameAndPassword(String userName, String Password) throws SQLException {

    Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER + "=" + userName + "AND password=" + Password, null,
                    null, null, null, null);

    if (mCursor.getCount() > 0)
    {
        return true;
    }
    return false;}

My attempt to run it is:

  boolean signIn = dbHelper.getUserNameAndPassword(mEmail, mPassword);
        if (signIn){
            Toast.makeText(getBaseContext(),"Sign in successful",Toast.LENGTH_LONG).show();
        }else {Toast.makeText(getBaseContext(),"Sign in failed",Toast.LENGTH_LONG).show();}

Thanks in advance!

1
  • this is exactly why you should use selectionArgs and ?. Commented Apr 16, 2014 at 18:12

4 Answers

2

You should use a parameterized query instead of just appending the username and password variables; see the example below:

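public boolean getUserNameAndPassword(String userName, String Password) throws SQLException {
    // Values passed in selectionArgs are bound to the ? placeholders and are never parsed as SQL.
    Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID, USER, PWD},
                    USER + " = ? AND password = ?", new String[]{ userName, Password },
                    null, null, null, null);
    try {
        return mCursor.getCount() > 0;
    } finally {
        mCursor.close(); // release the cursor once the row count has been read
    }
}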

5 Comments

You should also remove the password appending from the query :)
Hi John, thanks for the prompt response, I have changed to what you have said but I am still getting: Caused by: android.database.sqlite.SQLiteException: near "example": syntax error: , while compiling: SELECT DISTINCT _id, userName, password FROM userTable WHERE userName = ? AND password = ?example
I don't see where the word 'example' is getting into the query.
It is part of the two text entry fields and once they are entered clicking the sign in button fires them in. mEmail = mEmailView.getText().toString(); mPassword = mPasswordView.getText().toString();
@NiekHaarman good catch, copy and paste malfunction I think :) Try now.
1

SELECT DISTINCT _id, userName, password FROM userTable WHERE [email protected] password=shshsh

You forgot a space between userName and AND.

Furthermore, have a look at John's answer about parameterized queries.

Comments

0

Try this:

Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER+"='"+userName+"' AND password='"+Password+"'", null,
                    null, null, null, null);

Comments

0

You forgot a space, try now:

Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER + "='" + userName + "' AND password='" + Password + "'", null,
                    null, null, null, null);

    if (mCursor.getCount() > 0)
    {
        return true;
    }
    return false;}

Edit: Also, you should think about using parameterized queries as John proposes.

1 Comment

Hi there, with your solution I get the following error: Caused by: android.database.sqlite.SQLiteException: near "@hdjsj": syntax error: , while compiling: SELECT DISTINCT _id, userName, password FROM userTable WHERE [email protected] AND password=sjsjsj
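
Added example, not part of the original thread: the three WHERE-clause styles discussed above (bare concatenation, quoted concatenation, and bound parameters) run against the same SQLite engine. It uses Python's sqlite3 module rather than Android's SQLiteDatabase so it runs off-device; the function names and the sample row are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data mirroring the question's userTable schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userTable (_id INTEGER PRIMARY KEY, userName TEXT, password TEXT)")
    db.execute("INSERT INTO userTable (userName, password) VALUES (?, ?)",
               ("alice@example.com", "shshsh"))
    return db

SELECT = "SELECT DISTINCT _id, userName, password FROM userTable WHERE "

def login_unquoted(db, user, pwd):
    # The question's string building: values land in the SQL as bare tokens.
    sql = SELECT + "userName=" + user + "AND password=" + pwd
    return len(db.execute(sql).fetchall()) > 0

def login_quoted(db, user, pwd):
    # The "add quotes" answers: parses for ordinary input, but values are still SQL text.
    sql = SELECT + "userName='" + user + "' AND password='" + pwd + "'"
    return len(db.execute(sql).fetchall()) > 0

def login_bound(db, user, pwd):
    # Parameterized form (selectionArgs on Android): values are bound, never parsed.
    sql = SELECT + "userName = ? AND password = ?"
    return len(db.execute(sql, (user, pwd)).fetchall()) > 0

def outcome(fn, db, user, pwd):
    # Return a syntax error as a string instead of raising, so cases can be compared.
    try:
        return fn(db, user, pwd)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    user = "alice@example.com"
    passwords = ["shshsh",         # correct password
                 "it's wrong",     # wrong password containing an apostrophe
                 "x' OR '1'='1"]   # wrong password that rewrites the WHERE clause
    for pwd in passwords:
        for fn in (login_unquoted, login_quoted, login_bound):
            print(fn.__name__, repr(pwd), "->", outcome(fn, db, user, pwd))
```

Only the bound form returns the right answer in all three cases: bare concatenation never compiles, and quoted concatenation either fails on an apostrophe or accepts a wrong password.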
