0

I am trying to verify if the username and the password provided by the client. When I tried to execute my code, I got an error message:

java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 'enki' and password = 'enki$'' at line 1
    at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)

My code clientLogin() method:

public static void clientLogin(String username, String password)
{


    try
    {


        Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/ikub", "root", "root");
        PreparedStatement ps = connection.prepareStatement("select username, password from clieent"
                + "where username = ? and password = ?");
        ps.setString(1, username);
        ps.setString(2, password);
         ResultSet rs = ps.executeQuery();
         if (rs.next())
             System.out.println("done");
         else
             System.out.println("error");

         connection.close();

    } catch (Exception e)
    {
        System.out.println("ERROR CANT LOGIN!");
        System.out.println("_____________");
        e.printStackTrace();
    }


}

I think something is wrong with my sql query.

Cody Gray
  • 230,875
  • 49
  • 477
  • 553
Anabelle
  • 3
  • 3
  • 3
    Give a space before where condition in query. – mallikarjun Apr 30 '19 at 05:48
  • 1
    Note that your logic implies that you are storing cleartext unencrypted passwords in your user SQL table. This is really bad practice, and you run the risk of taking a bit hit if anyone from the outside ever reads that table. – Tim Biegeleisen Apr 30 '19 at 05:51
  • @TimBiegeleisen or from the inside... – JB Nizet Apr 30 '19 at 06:00
  • @TimBiegeleisen Yeah you're right but as long as I am new to java I was trying to do in that way just to practice, could you please tell me how could I encrypt the password?? – Anabelle Apr 30 '19 at 21:22
  • You may start by reading [here](https://stackoverflow.com/questions/10696432/encryption-of-password-in-java-or-mysql). – Tim Biegeleisen May 01 '19 at 00:11

1 Answers1

1
  1. Check tables name
  2. You need to Give a space before where

I mean...

"Select username, password " + "Where username =....."

Or

"Select username, password" + " Where username =....."

loobit park
  • 26
  • 1