0

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[name]=? and [password]=?' at line 1 

package com.login.dao;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import com.mysql.jdbc.PreparedStatement;
public class LoginDao 
   {
      public boolean check(String uname ,String pass)
   {
    try
        {
        String url ="jdbc:mysql://localhost:3306/login";
        String username = "root";
        String password = "root";
        String query    = " select * from  login where Name =? and           
        password=? ";

            Class.forName("com.mysql.jdbc.Driver");
            Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/","root","root");
            PreparedStatement st = (PreparedStatement) con.prepareStatement(query);
            st.setString(1, uname);
            st.setString(2, pass);
            ResultSet rs   = st.executeQuery(query);
            if(rs.next())
                {
                    return  true;
                }
      }
    catch (Exception e)     
      {
        System.out.println("Mistake");
        e.printStackTrace();
      }

  return false;


      }
      }
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Ashutosh Gupta
  • 31
  • 1
  • 9
  • 1
    `ResultSet rs = st.executeQuery(query);` should be `ResultSet rs = st.executeQuery();` – Filburt Mar 03 '18 at 13:39
  • Your `getConnection()` needs `:3306/` – Sudheesh Singanamalla Mar 03 '18 at 13:41
  • @Filburt thanx buddy that work, can you please explain to me why it happens?? – Ashutosh Gupta Mar 03 '18 at 13:50
  • If you pass the `query` parameter, it will try to execute this unprepared command instead of your PreparedStatement `st`. (see the linked duplicate post). – Filburt Mar 03 '18 at 13:55
  • @Filburt And technically it is even a bug that MySQL tries to execute the query string. The JDBC specification specifies that calling `executeQuery(String)` on a `PreparedStatement` or `CallableStatement` should always throw a `SQLException` – Mark Rotteveel Mar 03 '18 at 14:54

0 Answers0