Hello everyone, I am trying to make this search bar in Java, but when I search without typing double quotation marks I get this error.
But when I type numbers or words with double quotation marks it works just fine.
[Image: searching with double quotation]
Here is my code:
    private void jButton_Show1ActionPerformed(java.awt.event.ActionEvent evt) {
        try{
            String Accounts_Choose_Value = jTextField1.getText();
            // Accounts_Choose_Value = (String) Accounts_jComboBox_Choose_Value.getSelectedItem();
            if(Accounts_Choose_Value.equals(Accounts_Choose_Value)){
                String sql = "SELECT * FROM accounts WHERE URL="+Accounts_Choose_Value;
                con= DriverManager.getConnection("jdbc:mysql://localhost/accountmanagerdb","root","");
                Statement s = con.prepareStatement(sql);
                ResultSet rs =s.executeQuery(sql);
                if(rs.next()){
                    String Account_User_Name =rs.getString(2);
                    String Account_Email =rs.getString(3);
                    String Account_Password =rs.getString(4);
                    String Account_Backup_Codes =rs.getString(5);
                    jLabel_Account_User_Name.setText(Account_User_Name);
                    jLabel_Account_Email.setText(Account_Email);
                    jLabel_Account_Password.setText(Account_Password);
                    jLabel_Account_Backup_Codes.setText(Account_Backup_Codes);
                }
            }
        } catch (SQLException ex) {
            JOptionPane.showMessageDialog(null, ex,
                "Database",JOptionPane.ERROR_MESSAGE);
        }
    }
I didn't write anything in the text field:

    private void jTextField1ActionPerformed(java.awt.event.ActionEvent evt) {
        // TODO add your handling code here:
    }
Change this one line. But beware of SQL injection.

    String sql = "SELECT * FROM accounts WHERE URL=\""+Accounts_Choose_Value+"\"";

Basically you need to wrap the where clause entry in double quotes. Your first query generates

    SELECT * FROM accounts WHERE URL=google

Which means you are asking: give me all rows which have column value URL equal to column value google.
The right query is

    SELECT * FROM accounts WHERE URL="google"

Now you are asking: give me all rows whose URL is equal to the "google" string.
In the first case your code fails saying "I can't find a column named google".
EDIT
Basically, you should not directly string interpolate your variables; that will lead to security issues.
You can refer to how to do a prepared statement here
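
A parameterized version of the lookup that the answer's EDIT recommends, as an added example that is not part of the original answer. The class and method names (`AccountSearch`, `concatenatedSql`, `findAccount`) and the sample input are hypothetical; the table, column positions and connection settings are the ones in the question, and the MySQL JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AccountSearch {

    // The one-line fix from the answer: the user's text becomes part of the SQL text.
    static String concatenatedSql(String url) {
        return "SELECT * FROM accounts WHERE URL=\"" + url + "\"";
    }

    // Parameterized lookup: the SQL text is fixed and the value is bound separately,
    // so quotes in the input are treated as data, never as SQL syntax.
    static String[] findAccount(Connection con, String url) throws SQLException {
        String sql = "SELECT * FROM accounts WHERE URL = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, url);
            try (ResultSet rs = ps.executeQuery()) {   // no SQL string passed here
                if (!rs.next()) {
                    return null;                        // no matching row
                }
                // Same column positions the question reads (2 to 5).
                return new String[] {
                    rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5)
                };
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input that contains a double quote.
        String input = "my\"site";
        // In the concatenated form the embedded quote closes the string literal early.
        System.out.println(concatenatedSql(input));

        // Connection settings copied from the question.
        try (Connection con = DriverManager.getConnection(
                "jdbc:mysql://localhost/accountmanagerdb", "root", "")) {
            String[] row = findAccount(con, input);
            System.out.println(row == null ? "no match" : "user name: " + row[0]);
        }
    }
}
```

With the `?` placeholder there is no need to type or add quotation marks around the search text at all; the driver sends the value as a string parameter.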