Java和MySql SELECT查询中的SQL语法错误

时间:2016-07-25 18:54:48

标签: java mysql swing mysql-workbench

我正在开发一个包含3个JFrame的基本程序。登录成功后,登录,注册和仪表板将打开。但是,输入用户名和密码并单击登录按钮后,我收到错误。

这是错误:

  

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:您的SQL语法中有错误;查看与您的MariaDB服务器版本对应的手册,以获得正确的语法,以便在附近使用#39;密码=' 1234''在第1行

这是我的代码:

import java.awt.BorderLayout;
import java.awt.EventQueue;

import javax.swing.JFrame;
import javax.swing.JPanel;
import javax.swing.border.EmptyBorder;

import com.mysql.jdbc.Statement;

import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.ImageIcon;
import java.awt.Font;
import javax.swing.JTextField;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.awt.event.ActionEvent;

public class Login extends JFrame {

private JPanel contentPane;
private JTextField txtUsrName;
private JTextField txtPAss;

/**
 * Launch the application.
 */
public static void main(String[] args) {
    EventQueue.invokeLater(new Runnable() {
        public void run() {
            try {
                Login frame = new Login();
                frame.setVisible(true);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    });
}

/**
 * Create the frame.
 */
public Login() {
    setDefaultCloseOperation(JFrame.HIDE_ON_CLOSE);
    setBounds(100, 100, 450, 348);
    contentPane = new JPanel();
    contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
    setContentPane(contentPane);
    contentPane.setLayout(null);

    JLabel lblLogin = new JLabel("Welcome To TechApp");
    lblLogin.setFont(new Font("Tekton Pro", Font.PLAIN, 18));
    lblLogin.setBounds(135, 19, 163, 28);
    contentPane.add(lblLogin);

    JLabel lblUsername = new JLabel("UserName:");
    lblUsername.setFont(new Font("Alaska", Font.PLAIN, 15));
    lblUsername.setBounds(174, 58, 88, 28);
    contentPane.add(lblUsername);

    txtUsrName = new JTextField();
    txtUsrName.setBounds(145, 90, 132, 20);
    contentPane.add(txtUsrName);
    txtUsrName.setColumns(10);

    JLabel lblPassword = new JLabel("Password:");
    lblPassword.setFont(new Font("Alaska", Font.PLAIN, 15));
    lblPassword.setBounds(182, 118, 95, 46);
    contentPane.add(lblPassword);

    txtPAss = new JTextField();
    txtPAss.setColumns(10);
    txtPAss.setBounds(145, 156, 132, 20);
    contentPane.add(txtPAss);

    JButton btnNewButton = new JButton("login");
    btnNewButton.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent e) {


            String _username = txtUsrName.getText();
            String _password = txtPAss.getText();
            String url = "jdbc:mysql://127.0.0.1:3306/javabase";
            String user = "java";
            String passw = "password";

            try{
                // 1.Get a connection To Database
                Connection myConn = DriverManager.getConnection(url, user, passw);

                // 2.Create a statement
                Statement myStmt = (Statement) myConn.createStatement();

                // 3.Execute SQL Query
                String sql = "SELECT userame, password FROM registration WHERE userame='"+_username+"', password='"+_password+"' ";
                ResultSet result = myStmt.executeQuery(sql);
                //myStmt.executeUpdate(sql);

                int count = 0;
                while(result.next()){
                    count = count + 1;
                }
                if(count == 1){
                    Dashboard frame = new Dashboard();
                    frame.setVisible(true);
                }
                else if(count > 1){
                    JOptionPane.showMessageDialog(null, "Duplicate User! Access Denied!");
                }
                else{
                    JOptionPane.showMessageDialog(null, "User Not Found!");
                }


            }
            catch(Exception ex)
            {
                ex.printStackTrace();
            }





        }
    });
    btnNewButton.setBounds(169, 202, 89, 49);
    contentPane.add(btnNewButton);

    JButton btnRegister = new JButton("Register");
    btnRegister.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent e) {
            Main frame = new Main();
            frame.setVisible(true);
        }
    });
    btnRegister.setBounds(168, 264, 89, 23);
    contentPane.add(btnRegister);

    JLabel lblNewLabel = new JLabel("");
    lblNewLabel.setFont(new Font("Alaska", Font.PLAIN, 16));
    lblNewLabel.setIcon(new ImageIcon("D:\\ExploitGate\\MAS-9831-Offwhite2.jpg"));
    lblNewLabel.setBounds(0, 0, 434, 310);
    contentPane.add(lblNewLabel);
}
}

我已经搜索了stackoverflow论坛并执行了here给出的可能解决方案 谁能指导我如何处理这个错误? 在此先感谢:)

2 个答案:

答案 0 :(得分:3)

以上所有代码基本上都没用。这是一个SQL语法错误,这意味着它就是这一行:

where dateadd <= that column
order by dateadd ASC 

您不能使用... WHERE userame='"+_username+"', password='"+_password+"' "; ^--- 来分隔,子句参数。您使用布尔运算。 whereand等等......

请注意,您很容易受到sql injection attacks

的攻击

答案 1 :(得分:1)

您在WHERE子句之间使用逗号,而不是AND

String sql =“SELECT userame,password FROM registration WHERE userame ='”+ _ username +“'AND password ='”+ _ password +“'”;