java.sql.SQLSyntaxErrorException：ORA-00933：SQL命令未正確結束？

Question

我是Java Applet和Java Swing的新手。已經檢查過類似的問題，但沒有多大幫助。一旦登錄按鈕被點擊，拋出異常而不是執行try塊。其他一切工作正常。

public class signin extends javax.swing.JFrame { 

    Connection conn; 

OracleResultSet rs = null; 
OraclePreparedStatement pst; 


private void cancelActionPerformed(java.awt.event.ActionEvent evt) {          
signin s = new signin(); 
s.setVisible(true); 
}          

當單擊登錄按鈕時拋出異常而不是進入新框架菜單。

private void loginActionPerformed(java.awt.event.ActionEvent evt) {          


    try{ 

    String pass = passTF.getText().trim(); 
    String user = userTF.getText().trim(); 
    String sql = "select uname,pass from login where uname = '"+user+"' pass 
    = '"+pass+"'"; //here is the issue 

    pst = (OraclePreparedStatement) conn.prepareStatement(sql); 
    rs = (OracleResultSet) pst.executeQuery(sql); 
    System.out.println("Error"); 
    int count = 0; 

try塊的休息

while (rs.next()) 
    { 
     count++; 

    } 
    if(count == 1) 
    { 
     JOptionPane.showMessageDialog(null, "User Found"); 
     System.out.println("Success"); 
     menu m = new menu(); 
      m.setVisible(true); 
    } 

    else 
    { 
     System.out.println("Success but no user"); 
    JOptionPane.showMessageDialog(null, "Such user does not exist!"); 
    } 

    } 
    catch(Exception ex) 
    { 
      System.out.println("Fail"); 
    } 

}          

/** 
* @param args the command line arguments 
*/ 
public static void main(String args[]) { 

    java.awt.EventQueue.invokeLater(new Runnable() { 
     public void run() { 
      new signin().setVisible(true); 
     } 
    }); 
} 

Answer 1

您有無效的SELECT語句，此代碼：

"select uname,pass from login where uname = '"+user+"' pass= '"+pass+"'" 

本來應該是這樣的：

"select uname,pass from login where uname = '"+user+"' and pass= '"+pass+"'" 

注意你錯過了and在where條款中。

此外，你應該避免這些類型的查詢，而不是使用PreparedStatement目前你的代碼很容易受到sql注入攻擊。