I am new to Java Applet and Java Swing. I already checked similar questions, but they didn't help much. An exception is being thrown instead of executing the try block once the login button is clicked. Everything else is working fine.

    public class signin extends javax.swing.JFrame {

        Connection conn;
        OracleResultSet rs = null;
        OraclePreparedStatement pst;

        private void cancelActionPerformed(java.awt.event.ActionEvent evt) {
            signin s = new signin();
            s.setVisible(true);
        }

When clicking the login button, an exception is thrown instead of going to a new frame, menu.

    private void loginActionPerformed(java.awt.event.ActionEvent evt) {
        try {
            String pass = passTF.getText().trim();
            String user = userTF.getText().trim();
            String sql = "select uname,pass from login where uname = '"+user+"' pass = '"+pass+"'"; //here is the issue

            pst = (OraclePreparedStatement) conn.prepareStatement(sql);
            rs = (OracleResultSet) pst.executeQuery(sql);
            System.out.println("Error");
            int count = 0;

Rest of the try block

            while (rs.next())
            {
                count++;
            }
            if (count == 1)
            {
                JOptionPane.showMessageDialog(null, "User Found");
                System.out.println("Success");
                menu m = new menu();
                m.setVisible(true);
            }
            else
            {
                System.out.println("Success but no user");
                JOptionPane.showMessageDialog(null, "Such user does not exist!");
            }
        }
        catch (Exception ex)
        {
            System.out.println("Fail");
        }
    }

    /**
     * @param args the command line arguments
     */
    public static void main(String args[]) {
        java.awt.EventQueue.invokeLater(new Runnable() {
            public void run() {
                new signin().setVisible(true);
            }
        });
    }

1 Answer


You have an invalid select statement. This code:

"select uname,pass from login where uname = '"+user+"' pass= '"+pass+"'"

Should have been like this:

"select uname,pass from login where uname = '"+user+"' and pass= '"+pass+"'"

Note that you were missing "and" in the where clause.

Also, you should avoid these types of queries and use PreparedStatement instead; currently your code is vulnerable to SQL injection attacks.
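A parameterized form of the login query discussed in the answer, as an added example that is not part of the original question or answer. The class name `LoginCheck` and its methods are hypothetical, and `conn` is assumed to be an already opened JDBC connection to the database holding the question's `login` table.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {   // hypothetical class name, not from the original post
    // Same table and columns as the question's query. The two values are bound
    // as parameters, so they can never become part of the SQL text.
    static final String SQL = "select uname from login where uname = ? and pass = ?";

    /** Returns true when exactly one row matches. conn is assumed to be open. */
    static boolean credentialsMatch(Connection conn, String user, String pass)
            throws SQLException {
        try (PreparedStatement pst = conn.prepareStatement(SQL)) {
            pst.setString(1, user);
            pst.setString(2, pass);
            // No-argument executeQuery(): the executeQuery(String) overload is
            // not meant to be called on a PreparedStatement.
            try (ResultSet rs = pst.executeQuery()) {
                int count = 0;
                while (rs.next()) {
                    count++;
                }
                return count == 1;
            }
        }   // SQLException propagates so the caller can log the real cause
    }

    // The concatenated query from the answer, kept only to show what text
    // the database would be asked to parse.
    static String concatenated(String user, String pass) {
        return "select uname,pass from login where uname = '" + user
                + "' and pass= '" + pass + "'";
    }

    public static void main(String[] args) {
        // Constructed input: an ordinary surname containing an apostrophe.
        // In the concatenated form the quote ends the string literal early,
        // so user data changes the structure of the statement.
        System.out.println(concatenated("O'Brien", "secret"));
        // In the parameterized form the SQL text is fixed regardless of input.
        System.out.println(SQL);
    }
}
```

Running `main` needs no database: it prints the concatenated statement, where the apostrophe closes the literal after `O`, next to the parameterized statement, whose text does not depend on the input.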
