user3535757

Reputation: 59

Android SQLite database exception

I'm currently having an issue with my SQLite database in Android. When I try to run a comparison I get the following error:

Caused by: android.database.sqlite.SQLiteException: near "@hotmail": syntax error: , while compiling: SELECT DISTINCT _id, userName, password FROM userTable WHERE userName=djdss@hotmail.comAND password=shshsh

My search is:

public boolean getUserNameAndPassword(String userName, String Password) throws SQLException {

    Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER + "=" + userName + "AND password=" + Password, null,
                    null, null, null, null);

    if (mCursor.getCount() > 0)
    {
        return true;
    }
    return false;
}

My attempt to run it is:

    boolean signIn = dbHelper.getUserNameAndPassword(mEmail, mPassword);
    if (signIn) {
        Toast.makeText(getBaseContext(), "Sign in successful", Toast.LENGTH_LONG).show();
    } else {
        Toast.makeText(getBaseContext(), "Sign in failed", Toast.LENGTH_LONG).show();
    }

Thanks in advance!

Upvotes: 2

Views: 453

Answers (4)

John Boker

Reputation: 83729

You should use parameterized queries instead of just appending the username and password variables; see the example below:

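public boolean getUserNameAndPassword(String userName, String Password) throws SQLException {
    // The values are bound to the ? placeholders instead of being concatenated into the SQL text
    Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID, USER, PWD},
                    USER + " = ? AND password = ?", new String[] { userName, Password },
                    null, null, null, null);
    try {
        return mCursor.getCount() > 0;
    } finally {
        // Release the cursor once the row count has been read
        mCursor.close();
    }
}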

Upvotes: 2

Rafag

Reputation: 729

You forgot a space, try now:

Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER + "='" + userName + "' AND password='" + Password + "'", null,
                    null, null, null, null);

    if (mCursor.getCount() > 0)
    {
        return true;
    }
    return false;

Edit: Also, you should think about using parameterized queries as John proposes.

Upvotes: 0

MohdTausif

Reputation: 508

Try this:

Cursor mCursor =
            db.query(true, TABLE_NAME, new String[] {KEY_ROWID,USER,
                    PWD},USER+"='"+userName+"' AND password='"+Password+"'", null,
                    null, null, null, null);

Upvotes: 0

nhaarman

Reputation: 100468

SELECT DISTINCT _id, userName, password FROM userTable WHERE userName=djdss@hotmail.comAND password=shshsh

You forgot a space between userName and AND.

Furthermore, have a look at John's answer about parameterized queries.

Upvotes: 1
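An added example, not part of the question or of any answer above: the three WHERE clauses from this thread (the question's unquoted string, the quoted concatenation, and the `?` placeholders) run against an in-memory SQLite database. It uses Python's built-in sqlite3 module so the statements can run off-device (it is not Android code); the helper names and the sample inputs other than the question's own credentials are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are taken from the question
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userTable (_id INTEGER PRIMARY KEY, userName TEXT, password TEXT)")
    db.execute("INSERT INTO userTable (userName, password) VALUES (?, ?)",
               ("djdss@hotmail.com", "shshsh"))
    return db

SELECT = "SELECT DISTINCT _id, userName, password FROM userTable WHERE "

def login_unquoted(db, user, pwd):
    # The question's WHERE clause: no quotes, no space before AND
    return bool(db.execute(SELECT + "userName=" + user + "AND password=" + pwd).fetchall())

def login_quoted(db, user, pwd):
    # Quoted concatenation: it parses, but the values are still part of the SQL text
    where = "userName='" + user + "' AND password='" + pwd + "'"
    return bool(db.execute(SELECT + where).fetchall())

def login_bound(db, user, pwd):
    # Bound parameters: the values are never seen by the SQL parser
    return bool(db.execute(SELECT + "userName = ? AND password = ?", (user, pwd)).fetchall())

def outcome(fn, db, user, pwd):
    # Report a parse failure as text instead of letting it propagate
    try:
        return fn(db, user, pwd)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("djdss@hotmail.com", "shshsh"),       # correct credentials
        ("djdss@hotmail.com", "wrong"),        # wrong password
        ("o'neil@example.com", "pw"),          # apostrophe in the address
        ("djdss@hotmail.com", "' OR '1'='1"),  # password text that contains SQL
    ]
    for user, pwd in cases:
        for fn in (login_unquoted, login_quoted, login_bound):
            print(fn.__name__, repr(user), repr(pwd), "->", outcome(fn, db, user, pwd))
```

Only the bound form gives the right answer for all four inputs: the quoted concatenation fails to parse on the apostrophe and reports a successful sign-in for the last case.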
