-3

I have three table 1.User 2.Branch 3 userbranch. I have trying to solve login form. but when login button is click it's show this error java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0).

public Boolean loginApplication(Connection con, String uname, String pwd, String brnch)       {
    try {
        PreparedStatement ps = con.prepareStatement("Select u.username,u.password,"
                + "b.branchname from  user u, branch b ,userbranch ub"
                + "where u.userid = ub.userid and b.branchid=ub.branchid ");
        ps.setString(1, uname);
        ps.setString(2, pwd);
        ps.setString(3, brnch);
        ResultSet rs = ps.executeQuery();
        System.out.println("query return " + rs);
        if (rs.next()) {
            return true;
            //true if query found any corresponding data
        } 
        else{
            return false;
        }
    } 
      catch (SQLException ex) {
        System.out.println("Error while validating " + ex);
        return false;
    }
}

 private void buttonloginActionPerformed(java.awt.event.ActionEvent evt) {
    String uname=username.getText();
    String upass=userpassword.getText();
    String ubranch=userbranch.getSelectedItem().toString().trim();
     if(evt.getSource()==buttonlogin){
    if(user.loginApplication(connect.getCon(),uname,upass,ubranch)){
      System.out.println("success"); 
      MainForm mainForm=new MainForm();
       mainForm.setVisible(true);
    }
     }
    else{
        JOptionPane.showMessageDialog(null, "Login failed!","Failed!!",
                                    JOptionPane.ERROR_MESSAGE);
        }
}

Shows error: 

java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0).
Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
Snahar
  • 1
  • 4
  • Your post is very hard to read due to all the blank lines for no reason. Please edit it, bearing in mind that you're asking for others to help you - it's up to you to make it as easy to read as possible. – Jon Skeet Oct 05 '13 at 11:25
  • A single blank line of white space in source code is *always* enough. Blank lines after `{` or before `}` are also typically redundant. – Andrew Thompson Oct 05 '13 at 11:48

2 Answers2

2

Your SQL doesn't have any parameters:

Select u.username,u.password,b.branchname from  user u, branch b, userbranch
ubwhere u.userid = ub.userid and b.branchid=ub.branchid

So it's failing when you try to set parameters. You probably want:

and u.userid = ? and u.password = ? and b.branchid = ?

... or something similar. Except that would suggest that you're storing passwords in plain text, which would be horrible from a security perspective.

Oh, and I think you want a space between ub and where...

Jon Skeet
  • 1,421,763
  • 867
  • 9,128
  • 9,194
  • now show this error @Jon Skeet ...com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' u.password='', b.branchname='Select'' at line 1 – Snahar Oct 05 '13 at 11:33
  • @Snahar Read the last line of this answer. – Roman C Oct 05 '13 at 11:36
1

Basically, the problem is as indicated by the error message. Your SQL statement has no parameters, but you are trying to set some.

An (unnamed) parameter in an SQL statement is indicated by a ? placeholder.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216