java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0). I got this error

Question

I tried to search the data from mysql databases but I got this error:

java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0).

main.jsp:

<form action = "SearchCheck" method="post">      
    <input type="text" id="search" class="fadeIn fourth" name="search" placeholder="search">
    <input type="submit" class="fadeIn fourth" value="Search">
</form>

SearchCheck.java:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    response.getWriter().append("Served at: ").append(request.getContextPath());
}

/**
 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    request.setCharacterEncoding("EUC-KR");     
    response.setContentType("text/html; charset=euc-kr");
    userSearch=request.getParameter("search");

    if(userSearch == null || userSearch =="" ) {

        PrintWriter out = response.getWriter();
        out.println("<script type=\"text/javascript\">");
        out.println("alert('이름을 채워주십시오');");
        out.println("location='main.jsp';");
        out.println("</script>");

    }


    else {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/member", "root", "Wlsdud1964");                         
            String sql = "SELECT * FROM  user where userName LIKE '%"+userSearch+"%'";              
            System.out.println(sql);        
            ps = conn.prepareStatement(sql);            
            ps.setString(1, userName);
            resultSet = ps.executeQuery();

            //response.sendRedirect("loginCheckResult.jsp");

            while(resultSet.next()) {               
                resultSet.getString(userName);
                resultSet.getString(userGroup);
                PrintWriter out = response.getWriter();
                out.println(resultSet.getString(userName) + resultSet.getString(userGroup));
                out.println("<br /");       
            }           
        } catch(Exception e) {
            e.printStackTrace();
        } finally{
            try {
                if(stmt != null)stmt.close();
                if(conn != null)conn.close();
            }catch(Exception e) {
                e.printStackTrace();
            }
        }   
    }//else     
} //doPost

Answer 1

EDIT: As Jozef mentioned in one answer, ? should not be put between string literal '%?%' so append % to the string parameter before it is set in the query There is no parameter in your sql query...

replace the query to

String sql = "SELECT * FROM  user where userName LIKE ?"

? is the parameter where your string will be set.
where string will be like "%"+inputString+"%";

Answer 2

Tahir was almost right in his answer, the proper SQL query should be

String sql = "SELECT * FROM  user where userName LIKE ?";

and then you have to add % wildcards to the parameter "manually", i.e.

String queryString = "%" + userSearch + "%";
ps.setString(1, queryString);