Parameter index out of range (1 > number of parameters, which is 0)

What I have tried:

This is my code. The table users contains 3 rows, having username and password. It is giving me the error as:

java.sql.SQLException: Parameter index out of range (1 > number of parameters, which is 0).

```java
String DRIVER = "com.mysql.jdbc.Driver";
Class.forName(DRIVER).newInstance();
String url = "jdbc:mysql://localhost:3306/regis?user=root&password=fraze";
Connection Conn = DriverManager.getConnection(url);

String strSQL = "select username,password from users where username like '%s'";

PreparedStatement statement = Conn.prepareStatement(strSQL);
statement.setString(1, user);
statement.setString(2, pass);
ResultSet Rs = statement.executeQuery(strSQL);

if (Rs.next()) {
    out.println("Login Succesful! A record with the given user name and password exists");
} else {
    out.println("Login Failed. No records exists with the given user name and password");
}
statement.close();
```


I want to verify with the database whether the username and password entered are correct or not. Could anyone suggest what appropriate changes are to be made?
Updated 9-Mar-20 20:24pm
Comments
Pmourya 3-Feb-18 22:12pm    
I use the clause "select* from user where name=?, password=?"; then it gives an error: com.mysql.jdbc.exception.jdbc4.mysqlSyntaxErrorException: you have an error in SQL syntax; check the manual that corresponds to your mysql server version for the right syntax to use near 'password='1234" at line 1. Pls help

1 solution

I explained what you need to do in your question yesterday, and even gave you the link to the documentation for the Select clause. So why are you now doing it another incorrect way? You need to do the following:
- Create a SELECT clause to find the record in the database for this userid, not userids that are like this one, but only this exact one.
- If the userid is found then create a salted hash of the password (link I gave you yesterday) and compare that with the one in the database.
- If both those tests succeed then continue, you have a valid login.

- If the userid is not found, or the passwords do not match then reject the login attempt. But do not tell the user that the password is wrong, that gives hackers too much information.
 
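The steps listed in the answer above, written out in Java as an added example; it is not part of the original answer or the poster's code. The `salt` and `pw_hash` columns, the class and method names, and the PBKDF2 iteration count are assumptions made for the illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed work factor
    static final byte[] DUMMY_SALT = new byte[16];         // used when no row matches

    // Salted password hash: PBKDF2-HMAC-SHA256 from the JDK.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    // Hash the candidate with the stored salt and compare in constant time.
    static boolean matches(char[] password, byte[] salt, byte[] storedHash) throws Exception {
        return MessageDigest.isEqual(hash(password, salt), storedHash);
    }

    // Assumed schema: users(username, salt, pw_hash), binary salt and hash columns.
    static boolean login(Connection conn, String user, char[] password) throws Exception {
        // Exact match with one '?' placeholder, so exactly one setString call.
        String sql = "SELECT salt, pw_hash FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) { // no SQL argument here
                boolean found = rs.next();
                byte[] salt = found ? rs.getBytes("salt") : DUMMY_SALT;
                byte[] stored = found ? rs.getBytes("pw_hash") : new byte[KEY_BITS / 8];
                // Hash even for unknown users so both failures look alike.
                return matches(password, salt, stored) && found;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the salt and hash that registration would store.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hash("example-passphrase".toCharArray(), salt);
        System.out.println(matches("example-passphrase".toCharArray(), salt, stored));
        System.out.println(matches("wrong-guess".toCharArray(), salt, stored));
    }
}
```

The caller shows one generic failure message whenever `login` returns false, whether the user name or the password was the mismatch.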
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


