Mimi

Reputation: 13

Prepared statement and setString

I have a problem with setString. When I add % to the parameter in the setString, it works even if I don't write anything. However, when I remove it, it doesn't work. Can anyone help?

String Id = User1.getText().toString();
String Passwords = Pass.getText().toString();

btnlogin.setOnClickListener(new View.OnClickListener() {
    public void onClick(View v) {
        String query = "SELECT * FROM TABLE WHERE id LIKE ? AND pass LIKE ? ";
        try {
            if (connect != null) {
                PreparedStatement statement = connect.prepareStatement(query);
                statement.setString(1, Id);        // statement.setString(1, "%" + Id + "%");
                statement.setString(2, Passwords); // statement.setString(2, "%" + Passwords + "%");
                r = statement.executeQuery();
                if (r.next()) {
                    Intent intent = new Intent();
                    intent.setClass(Login.this, MainActivity.class);
                    startActivity(intent);
                } else {
                    message = "Error";
                    info.setText(message);
                }
            } else {
                message = "Error in connection with SQL server";
                info.setText(message);
            }
        } catch (SQLException e) {
            etat = false;
            message = "Got an exception!";
            System.err.println(e.getMessage());
        }
    }
});
}

P.S: I get no errors

Upvotes: 1

Views: 7179

Answers (1)

Suresh Atta

Reputation: 121998

That is because your SQL query is begging for LIKE syntax.

If you do not want to use %%, pass the string directly and change the LIKE query to an = query.

SELECT * FROM TABLE WHERE id = ? AND pass = ?

But checking username and password with the LIKE operator is a terrible idea. Always check whether they are equal or not.

Upvotes: 2
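
The difference between the two queries, as an added example that is not part of the original question or answer: it binds the same values to a `LIKE` check and to an `=` check, including the question's "even if I don't write anything" case. It uses Python's built-in `sqlite3` instead of JDBC so it runs without a database server; the `users` table, its rows and the helper names are constructed for illustration.

```python
import sqlite3

LIKE_CHECK = "SELECT id FROM users WHERE id LIKE ? AND pass LIKE ? ORDER BY id"
EQ_CHECK = "SELECT id FROM users WHERE id = ? AND pass = ? ORDER BY id"

def make_db():
    """In-memory table with constructed rows; columns mirror the question's id/pass."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, pass TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return db

def wrap(value):
    """What the question's commented-out setString calls bind: "%" + value + "%"."""
    return "%" + value + "%"

def matched_ids(db, query, user_id, password):
    """Bind both values as parameters and return the ids of every matching row."""
    return [row[0] for row in db.execute(query, (user_id, password))]

def login_ok(db, user_id, password):
    """Accept only when exactly one row equals both bound values."""
    return matched_ids(db, EQ_CHECK, user_id, password) == [user_id]

if __name__ == "__main__":
    db = make_db()
    cases = [
        # Empty fields wrapped in % become the pattern "%%", which matches every row.
        ("LIKE, empty fields wrapped in %", LIKE_CHECK, wrap(""), wrap("")),
        # Without %, an empty pattern matches only an empty column value.
        ("LIKE, empty fields, no %", LIKE_CHECK, "", ""),
        # Fragments of the real values are enough once they are wrapped in %.
        ("LIKE, fragments wrapped in %", LIKE_CHECK, wrap("li"), wrap("cret")),
        # With =, the bound value is compared literally; % has no special meaning.
        ("=, same wrapped fragments", EQ_CHECK, wrap("li"), wrap("cret")),
        ("=, exact values", EQ_CHECK, "alice", "s3cret-A"),
    ]
    for label, query, uid, pw in cases:
        print(f"{label:34} -> {matched_ids(db, query, uid, pw)}")
```

Parameter binding keeps the input out of the SQL text in both queries; what differs is that `LIKE` interprets the bound value as a pattern while `=` compares it as a literal.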
