beginner

Reputation: 29

java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended?

I am new to Java Applet and Java Swing. Already checked similar questions but didn't help much. Exception is being thrown instead of executing the try block, once the login button is clicked. Everything else is working fine.

public class signin extends javax.swing.JFrame {

    Connection conn;
    OracleResultSet rs = null;
    OraclePreparedStatement pst;

    private void cancelActionPerformed(java.awt.event.ActionEvent evt) {
        signin s = new signin();
        s.setVisible(true);
    }

When clicking the login button, an exception is thrown instead of going to a new frame, menu.

private void loginActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        String pass = passTF.getText().trim();
        String user = userTF.getText().trim();
        String sql = "select uname,pass from login where uname = '"+user+"' pass = '"+pass+"'"; //here is the issue

        pst = (OraclePreparedStatement) conn.prepareStatement(sql);
        rs = (OracleResultSet) pst.executeQuery(sql);
        System.out.println("Error");
        int count = 0;

Rest of the try block

        while (rs.next()) {
            count++;
        }
        if (count == 1) {
            JOptionPane.showMessageDialog(null, "User Found");
            System.out.println("Success");
            menu m = new menu();
            m.setVisible(true);
        } else {
            System.out.println("Success but no user");
            JOptionPane.showMessageDialog(null, "Such user does not exist!");
        }
    } catch (Exception ex) {
        System.out.println("Fail");
    }
}

/**
 * @param args the command line arguments
 */
public static void main(String args[]) {

    java.awt.EventQueue.invokeLater(new Runnable() {
        public void run() {
            new signin().setVisible(true);
        }
    });
}

Upvotes: 0

Views: 955

Answers (1)

Pradeep Simha

Reputation: 18133

You have an invalid select statement. This code:

"select uname,pass from login where uname = '"+user+"' pass= '"+pass+"'"

Should have been like this:

"select uname,pass from login where uname = '"+user+"' and pass= '"+pass+"'"

Note that you were missing "and" in the where clause.

Also, you should avoid these types of queries; instead use PreparedStatement. Currently your code is vulnerable to SQL injection attack.

Upvotes: 1
