
This query is not executed and the code goes to the catch block. The issue in the query may be in the while loop....

    try {

        getConnection();

        String user = text.getText().trim();
        String pass = password.getText().trim();

        // User input is concatenated straight into the SQL text
        // (this is what the answer below means by "prone to SQL injection").
        String query = "Select name,password from pharmacy.login where name = '" + user + "' and  password = '" + pass + "'";

        result = statement.executeQuery(query);

        System.out.println("hii");
        int count = 0;

        // Count the matching rows.
        while (result.next()) {
            count++;
        }
    } catch (SQLException e) {
        // Log the exception so the reason for the failed query is visible.
        e.printStackTrace();
    }
  • You have asked no question. What is your question? Please take time to format your code properly for readability's sake. – suulisin May 04 '16 at 11:26
  • Look at [here](http://meta.stackexchange.com/questions/22186/how-do-i-format-my-code-blocks) for how to format code appropriately. – Aconcagua May 04 '16 at 11:28

1 Answer

Your code is prone to SQL injection, but given the situation please read on.

In order to find the reason that the query is not executed, you should catch the exception and log it. It may provide useful information on how to solve your issue.

But if your target is just to count the records found, then you should change the query to:

    select count(*) from pharmacy.login where name='...' and password='...'

However, your code is prone to SQL injection.

Normally, you should use PreparedStatement with ? or an ORM framework to retrieve your user object, and the search criteria should be the username only.

    select name, password from pharmacy.login where name = ?

The database contents in the Password field should be encrypted, and the input value of the password from the user should be encrypted also.

After retrieving the user object, you should compare the encrypted password field and the encrypted input password value.

  • I would prefer the following variant: `String pass = sha256(password.getText().trim());` (if using sha256 - left out the MessageDigest stuff, though), rest as you propose, but with `WHERE name = ? AND password= ?`. I tend to rename column to pw_hash or something alike... Still good answer, +1. – Aconcagua May 04 '16 at 15:09
  • If it helps: Calculating digests in Java, see [here](http://stackoverflow.com/questions/3103652/hash-string-via-sha-256-in-java). – Aconcagua May 04 '16 at 15:13
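
The following is an added example, not code from the question or the answer above, showing the approach the answer and comments describe: a PreparedStatement lookup by username only, with the password check done in Java against a salted hash. It assumes a table `pharmacy.login` with columns `name`, `pw_hash` and `salt` (the `pw_hash` name follows the comment's suggestion; the question's table only has `name` and `password`, so adapt the column names). Instead of a plain SHA-256 digest it uses PBKDF2-HMAC-SHA256 from the JDK (`SecretKeyFactory`), which is a deliberate swap for password storage; the class name `LoginCheck` and the sample password in `main` are constructed for the example.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example (not from the original question or answer): parameterised
 * lookup by username, then verification of a salted password hash in Java.
 * Column names pw_hash and salt are assumed; adjust to your schema.
 */
public class LoginCheck {

    private static final int ITERATIONS = 100_000; // PBKDF2 work factor
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;

    /** Derives a password hash with PBKDF2-HMAC-SHA256 (chosen here instead of a bare SHA-256 digest). */
    static byte[] hashPassword(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            byte[] hash = factory.generateSecret(spec).getEncoded();
            spec.clearPassword();
            return hash;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        }
    }

    /** Fresh random salt, generated once per user at registration and stored next to the hash. */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Constant-time comparison so the check does not leak how many bytes matched. */
    static boolean verifyPassword(char[] candidate, byte[] salt, byte[] storedHash) {
        return MessageDigest.isEqual(hashPassword(candidate, salt), storedHash);
    }

    /**
     * Looks the user up by name with a bound parameter (no string concatenation),
     * then checks the password in Java rather than in SQL. Returns true only if
     * the row exists and the hash matches.
     */
    static boolean login(Connection conn, String user, char[] pass) throws SQLException {
        String sql = "select pw_hash, salt from pharmacy.login where name = ?"; // assumed columns
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, user); // bound as data: quotes in the input cannot change the query
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    // Unknown user: still do one hash so response time does not reveal valid names.
                    hashPassword(pass, new byte[SALT_BYTES]);
                    return false;
                }
                byte[] storedHash = Base64.getDecoder().decode(rs.getString("pw_hash"));
                byte[] salt = Base64.getDecoder().decode(rs.getString("salt"));
                return verifyPassword(pass, salt, storedHash);
            }
        }
    }

    /** Offline demonstration of the hashing/verification half (no database needed). */
    public static void main(String[] args) {
        char[] secret = "correct horse".toCharArray();   // constructed sample password
        byte[] salt = newSalt();
        byte[] stored = hashPassword(secret, salt);      // value you would store in pw_hash
        System.out.println("stored hash (base64): " + Base64.getEncoder().encodeToString(stored));
        System.out.println("right password accepted: "
                + verifyPassword("correct horse".toCharArray(), salt, stored));
        System.out.println("wrong password rejected: "
                + !verifyPassword("wrong".toCharArray(), salt, stored));
    }
}
```

Running `main` exercises the hash and verify routines without a database; `login` takes any JDBC `Connection` and needs the assumed columns to exist. The lookup deliberately binds only the username so the password never reaches the SQL text, and the dummy hash on the not-found path keeps the timing of "unknown user" and "wrong password" similar.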