You have an error in your SQL syntax; near 'Type='1'' at line 1 - I cant write correct SQL query

Question

I have created a SQL login system in java but want and what to only allow people with account type 1 to access the program. The query I have written keeps coming up as errors. THE SECURITY OF THE PROGRAM IS NOT A CONCERN AS ITS JUST FOR COURSEWORK

public void login(){
        try{
            int a = 0;
            int b =1;

            String query ="select * from Users where Login = '"+ 
main_menu.login_text.getText()+"' and Password='" 
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +1+ 
"'" ;
            rs =st.executeQuery(query);
            System.out.println("Records from Database");
            if(rs.next()){
                f=2;

                query ="select * from Users where Login = '"+ 
main_menu.login_text.getText()+"' and Password='" 
+main_menu.passwordtext.getText().toString()+"' and Account Type='" +0+ 
"'" ;
                rs =st.executeQuery(query);
                System.out.println("Records from Database");
                }

            else if (rs.next()){
                f=1;
            }
            else{

                JOptionPane.showMessageDialog(null, "Incorrect Username 
and Password...");
            con.close();}



        } catch(Exception ex){
            System.out.println("Error"+ex);
        }

Answer 1

As @luk2302 have suggested, you should change your code. With that code, you allow to be easily breach your security.

Here is an example of how to make it better:

PreparedStatement pst = null;
String sql = "SELECT * FROM login where username=? and password=?";
pst = con.prepareStatement(sql);
pst.setString(1,user);
pst.setString(2,pass);
ResultSet rs = pst.executeQuery();

Now you can just get the data you just recovered to get the information about the user. If no resul set is given, the login would have failed.