
How to make search bar without having to type double quotation?

Hello everyone, I am trying to make this search bar in Java, but when I search without typing double quotation I get this error

search error image

But when I type numbers or words with double quotation it works just fine

searching with double quotation image

Here is my code

Code image

private void jButton_Show1ActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        String Accounts_Choose_Value = jTextField1.getText();
        // Accounts_Choose_Value = (String) Accounts_jComboBox_Choose_Value.getSelectedItem();

        if (Accounts_Choose_Value.equals(Accounts_Choose_Value)) {
            String sql = "SELECT * FROM accounts WHERE URL="+Accounts_Choose_Value;
            con = DriverManager.getConnection("jdbc:mysql://localhost/accountmanagerdb","root","");
            Statement s = con.prepareStatement(sql);
            ResultSet rs = s.executeQuery(sql);
            if (rs.next()) {
                String Account_User_Name = rs.getString(2);
                String Account_Email = rs.getString(3);
                String Account_Password = rs.getString(4);
                String Account_Backup_Codes = rs.getString(5);

                jLabel_Account_User_Name.setText(Account_User_Name);
                jLabel_Account_Email.setText(Account_Email);
                jLabel_Account_Password.setText(Account_Password);
                jLabel_Account_Backup_Codes.setText(Account_Backup_Codes);
            }
        }
    } catch (SQLException ex) {
        JOptionPane.showMessageDialog(null, ex,
                "Database", JOptionPane.ERROR_MESSAGE);
    }
}

I didn’t write anything in the text field

private void jTextField1ActionPerformed(java.awt.event.ActionEvent evt) {                                            
        // TODO add your handling code here:
    } 


Answer

Change this one line, but beware of SQL injection:

String sql = "SELECT * FROM accounts WHERE URL=\""+Accounts_Choose_Value+"\"";

Basically, you need to wrap the WHERE clause entry in double quotes. Your first query generates

SELECT * FROM accounts WHERE URL=google

Which means you are asking: give me all rows which have column value URL equal to column value google

The right query is

SELECT * FROM accounts WHERE URL="google"

Now you are asking: give me all rows whose URL is equal to the “google” string

In the first case, your code fails saying: I can't find a column named google

EDIT

Basically, you should not directly string-interpolate your variables; that will lead to security issues.

You can refer to how to do a prepared statement here:

Java – escape string to prevent SQL injection

User contributions licensed under: CC BY-SA
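
The prepared-statement approach the answer points to, applied to the question's query, as an added example that is not the asker's or the answerer's code. `AccountSearch` and `findByUrl` are hypothetical names and the sample inputs are constructed; the connection settings and column positions are taken from the question, and running it assumes the MySQL JDBC driver and the `accounts` table are available.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

public class AccountSearch {

    // Hypothetical helper: returns columns 2..5 of the first matching row,
    // the same columns the question's handler reads by index.
    static Optional<String[]> findByUrl(Connection con, String url) throws SQLException {
        // The ? is a parameter marker: the value is sent separately from the SQL text,
        // so it needs no surrounding quotes and quotes inside it cannot alter the query.
        String sql = "SELECT * FROM accounts WHERE URL = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, url);
            // executeQuery() takes no argument: the SQL was already given to prepareStatement.
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Optional.empty();
                }
                return Optional.of(new String[] {
                    rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5)
                });
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Connection settings copied from the question (assumed environment).
        try (Connection con = DriverManager.getConnection(
                "jdbc:mysql://localhost/accountmanagerdb", "root", "")) {
            // Constructed sample inputs: a plain value typed without quotes, and a
            // value containing a double quote, which is compared literally as data.
            for (String input : new String[] {"google", "my\"site"}) {
                Optional<String[]> row = findByUrl(con, input);
                System.out.println(input + " -> "
                        + row.map(r -> "user name " + r[0]).orElse("no match"));
            }
        }
    }
}
```

In the Swing handler, the text from `jTextField1.getText()` would be passed to `findByUrl` unchanged and the returned values set on the labels.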