通過搜索兩列來從數據庫返回數據

Question

我正在尋找當用戶輸入匹配cUsername & cPassword時顯示所有字段。在測試這個時，我在我的SQL語法（cPassword所在的位置附近）出現錯誤。有人可以提出這個問題嗎？請注意我還沒有通過SQL注入...

public Car getLogin(String searchUser, String searchPass) { 
    Car foundCar1 = new Car(); 
    try { 
     Class.forName("com.mysql.jdbc.Driver"); 
     Connection conn = DriverManager.getConnection(url + dbName, userName, password); 
     statement = conn.createStatement(); 
     resultSet = statement.executeQuery("select * from eflow.registration where cUsername like '" + searchUser 
       + "' AND where cPassword like '" + searchPass + "'"); 

     while (resultSet.next()) { 
      foundCar1 = new Car(resultSet.getInt("cID"), resultSet.getString("cLicense"), 
        resultSet.getInt("cJourneys"), resultSet.getString("cUsername"), 
        resultSet.getString("cPassword").toString()); 
     } 
     conn.close(); 
    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
    return foundCar1; 
} 

Answer 1

除了你的錯誤，這裏還有一些有問題的東西。錯誤是由多個where子句引起的。通過改變修復此：

AND where cPassword like到AND cPassword like

我看到的另一件事是，像應與外卡一起使用，所以你可能要更改：

resultSet = statement.executeQuery("select * from eflow.registration where cUsername like '" + searchUser 
      + "' AND where cPassword like '" + searchPass + "'"); 

到：

resultSet = statement.executeQuery("select * from eflow.registration where cUsername like '%" + searchUser 
      + "%' AND cPassword like '%" + searchPass + "%'"); 

除非你正在尋找完全匹配，在這種情況下，我會刪除像，並使用「=」來代替。