使用准备好的语句登录Servlet

Question

I try to find out, where is Error in my Code below:

public void service(HttpServletRequest request, HttpServletResponse response){
        try{
            user1 = request.getParameter("nameLog");
            pass1 = request.getParameter("passLog");
            String userid = null;
            String passdb = null;
            String query = "select user, pass from login where `user` = ? and `pass`=?";

            PreparedStatement pst = conn.prepareStatement(query);
            ResultSet rs = pst.executeQuery();
            pst.setString(1, user1);
            pst.setString(2, pass1);

            while(rs.next()){
                userid = rs.getString("user1");
                passdb = rs.getString("pass1");

                pst.executeQuery();
            }
            if(userid.equals(user1)&& passdb.equals(pass1)){
                response.sendRedirect("/WebContent/login/Main.html");

            }


        }catch(Exception ex){
        ex.printStackTrace();
        }
    }

I try to log in to my application (db Column names are user and pass ) but i get an Error:

java.sql.SQLException: No value specified for parameter 1

in this row

ResultSet rs = pst.executeQuery();

How can I get rid of this error and log into my Page?

Thanks

Answer 1

Order matters! You need to pass the parameters before you call executeQuery , like so:

PreparedStatement pst = conn.prepareStatement(query);            
pst.setString(1, user1);
pst.setString(2, pass1);            
ResultSet rs = pst.executeQuery();

Answer 2

You are executing the query before setting the values. It should be:

PreparedStatement pst = conn.prepareStatement(query);
pst.setString(1, user1);
pst.setString(2, pass1);

ResultSet rs = pst.executeQuery();