com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near '='

Question

 private void DN_ButtonActionPerformed(java.awt.event.ActionEvent evt) {                                          
        if(tenDN.getText().equals("")){
            JOptionPane.showMessageDialog(this, "Dien ten dang nhap");
        }else if(Matkhau.getText().equals("")){
            JOptionPane.showMessageDialog(this, "Dien mat khau");
        }else {
            try {
                String  DB_URL = "jdbc:sqlserver://localhost;"
                + "databaseName=QLSinhVien;"
                + "user=sa;"
                + "password=123";
                Connection conn = DriverManager.getConnection(DB_URL);
                String sql;
                sql = "SELECT * FROM SINHVIEN"
                      + "WHERE TENDN = ? AND MATKHAU = HASHBYTES('MD5',?)";
                PreparedStatement ps = conn.prepareStatement(sql);
                ps.setString(1, tenDN.getText());
                ps.setString(2, Matkhau.getText());
                System.out.println("a");
                ResultSet rs = ps.executeQuery();
                System.out.println("e");
                if(rs.next()){
                    JOptionPane.showMessageDialog(this,"Dang nhap thanh cong");
                }else{
                    sql = "SELECT * FROM NHANVIEN"
                        + "WHERE TENDN = ? AND MATKHAU = HASHBYTES('SHA1',?)";
                    ps = conn.prepareStatement(sql);
                    ps.setString(1, tenDN.getText());
                    ps.setString(2, Matkhau.getText());
                    rs = ps.executeQuery();
                    System.out.println(sql);
                    if(rs.next()){
                        JOptionPane.showMessageDialog(this,"Dang nhap thanh cong");
                    }else{
                        JOptionPane.showMessageDialog(this,"Ten dang nhap va mat khau khong hop le");
                    }
                }
            } catch (Exception ex) {
                System.out.println(ex);
            }
        }
    }

I don't know what's wrong with this code. Help me, please !!!!! I used NetBeans and SQL server 2019

Answer 1

A space is missing in both SQL queries before WHERE clause and breaking the line seems to be redundant:

So the query string should be:

String sql = "SELECT * FROM SINHVIEN WHERE TENDN = ? AND MATKHAU = HASHBYTES('MD5',?)";

// or 
String sql = "SELECT * FROM SINHVIEN " // add a space here
           + "WHERE TENDN = ? AND MATKHAU = HASHBYTES('MD5',?)";

Similarly, the other query against NHANVIEN table needs to be modified:

sql = "SELECT * FROM NHANVIEN WHERE TENDN = ? AND MATKHAU = HASHBYTES('SHA1',?)";

To avoid code duplication, fix closing of connection/prepared statements using try-with-resources the code may be refactored as follows:

// Create constant connection string and SQL queries
private static final String DB_URL = 
    "jdbc:sqlserver://localhost;databaseName=QLSinhVien;user=sa;password=123";
private static final String SQL_1 = 
    "SELECT * FROM SINHVIEN WHERE TENDN = ? AND MATKHAU = HASHBYTES('MD5',?)";
private static final String SQL_2 = 
    "SELECT * FROM NHANVIEN WHERE TENDN = ? AND MATKHAU = HASHBYTES('SHA1',?)";


private void DN_ButtonActionPerformed(java.awt.event.ActionEvent evt) {
    String tenDnText = tenDN.getText();
    String matkhauText = Matkhau.getText();
    if (tenDnText.isEmpty()) {
        JOptionPane.showMessageDialog(this, "Dien ten dang nhap");
    } else if(matkhauText.isEmpty()){
        JOptionPane.showMessageDialog(this, "Dien mat khau");
    } else {
        // auto-close connection
        try (Connection conn = DriverManager.getConnection(DB_URL)) { 
            if (runSqlQuery(conn, SQL_1, tenDnText, matkhauText) || 
                runSqlQuery(conn, SQL_2, tenDnText, matkhauText)) {
                JOptionPane.showMessageDialog(this, "Dang nhap thanh cong");
            } else {
                JOptionPane.showMessageDialog(this, 
                    "Ten dang nhap va mat khau khong hop le");
            }
        } catch (Exception ex) {
            System.out.println(ex);
        }
    }
}

private boolean runSqlQuery(Connection conn, String sql, String... params) 
    throws Exception {
    // auto-close prepared statement
    try (PreparedStatement ps = conn.prepareStatement(sql)) { 
        if (params.length > 1) {
            ps.setString(1, params[0]);
        }
        if (params.length > 2) {
            ps.setString(2, params[1]);
        }
        return ps.executeQuery().next(); // using implicit ResultSet
    }
}

com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near '='

Question

1 answers

solution1
0 2020-09-17 16:36:58

com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near '='

Question

1 answers

solution1 0 2020-09-17 16:36:58

solution1
0 2020-09-17 16:36:58