
MySQL - problem with prepared statement

 
vijay shanker
Ranch Hand
Posts: 88
public String authenticateUser(String username, String password) throws SQLException {
    // sql_str, pstmt, res_set and conn are declared outside this method
    sql_str = "SELECT USERNAME, PLAINPASSWORD FROM USER WHERE USERNAME = ?";
    String user = null;
    String pass = null;
    String res = null;

    pstmt = conn.prepareStatement(sql_str);
    pstmt.setString(1, username);

    res_set = pstmt.executeQuery(sql_str);
    if (res_set.next()) {
        user = res_set.getString(1);
        pass = res_set.getString(2);
    }
    // user and pass stay null when no row matches, so check before calling equals()
    if (user != null && pass != null && user.equals(username) && pass.equals(password)) {
        res = "success";
        System.out.println("Authenticated");
    } else {
        res = "failed";
    }
    return res;
}



With the above code I am getting this exception. Why?
The connection is being established in a different class.
Connection Established:com.mysql.jdbc.Connection@145d068
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?)' at line 1
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:936)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2870)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1573)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3170)
at com.mysql.jdbc.Connection.execSQL(Connection.java:3099)
at com.mysql.jdbc.Statement.executeQuery(Statement.java:1169)
at com.stpl.pocs.commons.UserData.authenticateUser(UserData.java:33)
at com.stpl.pocs.commons.UserData.main(UserData.java:68)
 
Wayan Saryada
Ranch Hand
Posts: 105
Your code should be:



You get the error because you are trying to execute the PreparedStatement without assigning a parameter. You've already created the statement with your select query and the parameter has also been set. So to get the ResultSet just call the executeQuery() method, not the overloaded method that accepts a query string.
[ December 31, 2007: Message edited by: I Wayan Saryada ]
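
An added example, not part of the original thread and not the answerer's own code: a version of the question's method that calls the no-argument executeQuery() the answer describes. The explicit Connection parameter, the boolean return value, the constant-time comparison and the command-line arguments in main are assumptions of this example; the table and column names are the ones from the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class UserAuth {
    // Table and column names as in the question.
    private static final String SQL =
        "SELECT USERNAME, PLAINPASSWORD FROM USER WHERE USERNAME = ?";

    // Assumption: the caller supplies the open connection.
    public static boolean authenticateUser(Connection conn, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return false;
        }
        // try-with-resources closes statement and result set on every path.
        try (PreparedStatement pstmt = conn.prepareStatement(SQL)) {
            pstmt.setString(1, username); // bound as data, never spliced into the SQL text
            // The no-argument executeQuery() runs the prepared SQL with the bound value.
            // executeQuery(String) is inherited from Statement and takes raw SQL, so the
            // '?' would reach the server as a literal character, as in the question.
            try (ResultSet rs = pstmt.executeQuery()) {
                if (!rs.next()) {
                    return false; // no such user: nothing to compare
                }
                String user = rs.getString(1);
                String pass = rs.getString(2);
                if (pass == null || !username.equals(user)) {
                    return false;
                }
                // Constant-time comparison (an addition of this example).
                return MessageDigest.isEqual(
                        pass.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
            }
        }
    }

    // Assumed usage: java UserAuth <jdbc-url> <username> <password>, driver on the classpath.
    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println(authenticateUser(conn, args[1], args[2]) ? "success" : "failed");
        }
    }
}
```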
 
vijay shanker
Ranch Hand
Posts: 88
Thanks, I got an insight into the things I have to take care of when programming with JDBC.

Thanks a lot.
 