Results 1 to 4 of 4
  1. #1
    vishal.jar is offline Member
    Join Date
    Jan 2011
    Location
    New Delhi
    Posts
    2
    Rep Power
    0

    Default java.sql.SQLException: ORA-00904: "PASS1": invalid identifier

    private void submitActionPerformed(java.awt.event.ActionEvent evt) {
    Connection c=Main.getCon();
    char[] p=pass.getPassword();
    String ps=new String(p);
    try{
    Statement st=c.createStatement();
    ResultSet rs=st.executeQuery("select UNAME from users where PASS="+ps);
    while(rs.next()){
    String s=rs.getString(1);
    if(s.equals(uname.getText())){
    this.setVisible(false);
    new welcome().setVisible(true);
    }else{
    JOptionPane j=new JOptionPane();
    JOptionPane.showMessageDialog(j,"invalid password");
    }
    }
    }catch(SQLException e){ e.printStackTrace(); }
    }

    Now.. Im using netbeans..Its a simple app with login panel having two fields "uname" and "pass", for username and password respectively. It simply connects to an oracle database table "users" with two columns "uname" and "pass". One of the entries in the table is "vishal", and "pass1".
    here I declared getCon() in Main class which returns reference to Connection type object. Connection is successful. When I run the app I type "vishal" and "pass1" in the fields and hit submit. It shows following error,
    java.sql.SQLException: ORA-00904: "PASS1": invalid identifier

    what's the problem?

  2. #2
    UJJAL DHAR is offline Senior Member
    Join Date
    Apr 2010
    Location
    Dhaka,Bangladesh
    Posts
    180
    Rep Power
    0

    Default

    check this line
    ResultSet rs=st.executeQuery("select UNAME from users where PASS="+ps);
    to
    ResultSet rs=st.executeQuery("select *from users where PASS='ps');

  3. #3
    vishal.jar is offline Member
    Join Date
    Jan 2011
    Location
    New Delhi
    Posts
    2
    Rep Power
    0

    Default

    nope, that forms an unclosed string literal.

  4. #4
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,997
    Rep Power
    19

    Default

    First select based on the username and the password. Don't select on one (and password? Honestly?) and then cycle through the results comparing against the other. Make the db do the work, since it'll be faster than anything you can write...it is its job after all.

    Second use a PreparedStatement rather than concatenating your SQL string together, since I suspect this is all down to you missing out quotes.

Similar Threads

  1. Replies: 1
    Last Post: 04-05-2010, 01:32 AM
  2. Java, Military Format using "/" and "%" Operator!!
    By sk8rsam77 in forum New To Java
    Replies: 11
    Last Post: 02-26-2010, 03:03 AM
  3. Replies: 2
    Last Post: 01-24-2009, 06:56 PM
  4. Replies: 3
    Last Post: 12-05-2008, 08:34 PM
  5. Replies: 1
    Last Post: 10-20-2008, 07:35 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •