我正在尋找當用戶輸入匹配cUsername & cPassword時顯示所有字段。在測試這個時,我在我的SQL語法(cPassword所在的位置附近)出現錯誤。有人可以提出這個問題嗎?請注意我還沒有通過SQL注入...通過搜索兩列來從數據庫返回數據
public Car getLogin(String searchUser, String searchPass) {
Car foundCar1 = new Car();
try {
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection(url + dbName, userName, password);
statement = conn.createStatement();
resultSet = statement.executeQuery("select * from eflow.registration where cUsername like '" + searchUser
+ "' AND where cPassword like '" + searchPass + "'");
while (resultSet.next()) {
foundCar1 = new Car(resultSet.getInt("cID"), resultSet.getString("cLicense"),
resultSet.getInt("cJourneys"), resultSet.getString("cUsername"),
resultSet.getString("cPassword").toString());
}
conn.close();
} catch (Exception e) {
e.printStackTrace();
}
return foundCar1;
}
你應該放棄這種壞習慣並學習如何使用prepareStatments。 「select * from eflow.registration where cUsername like'」+ searchUser +''AND where cPassword like'「+ searchPass +」'「 – Sedrick