3

I am trying to select data from a table using prepared statement. But it seems like I am getting syntax error which I cannot solve alone. 

try {

        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/mydb";
        String dbusername = "root";
        String dbpassword = ""; // Change it to your Password

        // Setup the connection with the DB
        connection = DriverManager.getConnection(url, dbusername,
                dbpassword);

        String query = "SELECT * FROM admin WHERE username = ? AND password = ?";

        try {
            // connection.setAutoCommit(false);
            selectUser = connection.prepareStatement(query);
            selectUser.setString(1, username);
            selectUser.setString(2, password);
            // Execute preparedstatement
            ResultSet rs = selectUser.executeQuery(query);

            // Output user details and query
            System.out.println("Your user name is " + username);
            System.out.println("Your password is " + password);
            System.out.println("Query: " + query);

            boolean more = rs.next();

            // if user does not exist set the validity variable to true
            if (!more) {
                System.out
                        .println("Sorry, you are not a registered user! Please sign up first!");
                user.setValid(false);
            }

            // if user exists set the validity variable to true
            else if (more) {
                String name = rs.getString("name");

                System.out.println("Welcome " + name);
                user.setName(name);
                user.setValid(true);
            }


        } catch (Exception e) {
            System.out.println("Prepared Statement Error! " + e);
        }   
    } catch (Exception e) {
        System.out.println("Log in failed: An exception has occured! " + e);
    } finally {
    }
    if (connection != null) {
        try {
            connection.close();
        } catch (Exception e) {
            System.out.println("Connection closing exception occured! ");
        }
        connection = null;
    }

    return user;
}

I get following error.

Prepared Statement Error! com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? AND password = ?' at line 1

But I don't see any error in that code line.

Improve this question

3 Answers 3

Reset to default
1

Change

 ResultSet rs = selectUser.executeQuery(query);

to

 ResultSet rs = selectUser.executeQuery();

when you already prepared the statement in connection.prepareStatement(query); then why to pass the query again in selectUser.executeQuery(query);

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you! I didn't know about that. Removing query parameter saved my day.
0

what you want to do is use this method

 ResultSet rs = selectUser.executeQuery();
Improve this answer

Comments

0

You have already loaded your query inside the prepared statement here , 

selectUser = connection.prepareStatement(query);

so execute it by ,

 ResultSet rs = selectUser.executeQuery();

Also read ,

How does PreparedStatement.executeQuery work?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.