Hello everyone, I am trying to make this search bar in Java, but when I search without typing double quotation marks I get this error.
But when I type numbers or words with double quotation marks, it works just fine.
[Image: searching with double quotation marks]
Here is my code:
private void jButton_Show1ActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        String Accounts_Choose_Value = jTextField1.getText();
        // Accounts_Choose_Value = (String) Accounts_jComboBox_Choose_Value.getSelectedItem();
        if (Accounts_Choose_Value.equals(Accounts_Choose_Value)) {
            String sql = "SELECT * FROM accounts WHERE URL=" + Accounts_Choose_Value;
            con = DriverManager.getConnection("jdbc:mysql://localhost/accountmanagerdb", "root", "");
            Statement s = con.prepareStatement(sql);
            ResultSet rs = s.executeQuery(sql);
            if (rs.next()) {
                String Account_User_Name = rs.getString(2);
                String Account_Email = rs.getString(3);
                String Account_Password = rs.getString(4);
                String Account_Backup_Codes = rs.getString(5);
                jLabel_Account_User_Name.setText(Account_User_Name);
                jLabel_Account_Email.setText(Account_Email);
                jLabel_Account_Password.setText(Account_Password);
                jLabel_Account_Backup_Codes.setText(Account_Backup_Codes);
            }
        }
    } catch (SQLException ex) {
        JOptionPane.showMessageDialog(null, ex,
                "Database", JOptionPane.ERROR_MESSAGE);
    }
}
I didn't write anything in the text field handler:
private void jTextField1ActionPerformed(java.awt.event.ActionEvent evt) {
    // TODO add your handling code here:
}
Change this one line. But beware of SQL injection.
String sql = "SELECT * FROM accounts WHERE URL=\""+Accounts_Choose_Value+"\"";
Basically, you need to wrap the WHERE clause entry in double quotes. Your first query generates
SELECT * FROM accounts WHERE URL=google
which means you are asking: give me all rows which have column value URL equal to column value google.
The right query is
SELECT * FROM accounts WHERE URL="google"
Now you are asking: give me all rows whose URL is equal to the string "google".
In the first case, your code fails saying "I can't find a column named google".
EDIT
Basically, you should not directly string-interpolate your variables; that will lead to security issues.
You can refer to how to do a prepared statement here.
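The prepared-statement approach the answer points to, applied to this lookup, as an added example that is not part of the original question or answer. The class and method names (`AccountLookup`, `findByUrl`) are hypothetical; the connection string, the `accounts` table, the `URL` column and column positions 2 to 5 are taken from the question's code.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AccountLookup {  // hypothetical class name

    // The search value is sent as a bound parameter (?), never pasted into the SQL text.
    private static final String SQL = "SELECT * FROM accounts WHERE URL = ?";

    /**
     * Returns columns 2..5 of the first matching row (the same columns the
     * question's code reads), or null when no row matches.
     */
    static String[] findByUrl(Connection con, String url) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, url);                     // the driver handles quoting and escaping
            try (ResultSet rs = ps.executeQuery()) {  // no-argument form runs the prepared SQL
                if (!rs.next()) {
                    return null;
                }
                return new String[] {
                    rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5)
                };
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Connection settings copied from the question; adjust for your environment.
        try (Connection con = DriverManager.getConnection(
                "jdbc:mysql://localhost/accountmanagerdb", "root", "")) {
            // Constructed sample inputs: a plain word, and a value containing a double
            // quote, which would end the string literal early in the concatenated query.
            String[] inputs = { "google", "exa\"mple" };
            for (String in : inputs) {
                String[] row = findByUrl(con, in);
                System.out.println(in + " -> "
                        + (row == null ? "no match" : "found user " + row[0]));
            }
        }
    }
}
```

Both inputs are compared against the `URL` column as plain string data, so the user no longer has to type quotes and a quote inside the input cannot change the query.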