try{  
    Class.forName("com.mysql.jdbc.Driver");  
     con=DriverManager.getConnection("jdbc:mysql://localhost/phpMyAdmin/Database_Name","root","");  
     stmt=con.createStatement(); 
    }

This is my code to establish a connection between my computer and the database. After this I receive the user name and password from the user, and then I execute this query:

try {
      rs=stmt.executeQuery("SELECT * FROM d
      teacher_info WHERE UserName 
       = '"+userName+"' AND teacher_info.password 
        ="+password);
    }

The problem is that whenever I execute the query I get java.lang.NullPointerException 3 times in a row. Any ideas as to why this could be happening?

1 Answer

There are multiple issues with your query and code:

  1. Missing space here: `= '"+userName+"' AND teacher_info`

  2. You can't access another table's column `teacher_info.password` just like that without some kind of JOIN (join with the said table).

  3. Don't concatenate user input like that; rather, use a parameterized query to avoid SQL injection attacks.

  4. Also missing single quotes `'` on this one: `.password ="+password);`

Rahul
  • Also missing two `'` on this one `.password ="+password);` – Luke May 26 '17 at 11:59
  • 1. Where exactly is the space missing? 2. @Luke only if the password is a string. If it's digits only, then it's okay – XtremeBaumer May 26 '17 at 12:02
  • @Luke, nice catch ... included in answer. Thanks – Rahul May 26 '17 at 12:06
  • @XtremeBaumer, look carefully and you will see a space missing before `AND` ... also, even if it's digits, a password is always alphanumeric, which is `varchar` in SQL. Have you ever seen `password int`? – Rahul May 26 '17 at 12:08
  • @Rahul a pure password int would be, for example, the phone PIN. Copied from your answer: `' AND t`, and there is a space between `'` and `AND` – XtremeBaumer May 26 '17 at 12:16
  • @XtremeBaumer Your phone-pin could never start with a zero then. – Luke May 26 '17 at 12:30
  • @Luke that's not really the point. The point is that he can have some custom password stuff which can be stored as an integer – XtremeBaumer May 26 '17 at 12:44
  • @XtremeBaumer, the point is a password would never be stored as an integer, because then it would allow for manipulation of the int – Rahul May 26 '17 at 12:47
  • The space is present, and I thought you don't need '' for integers. What am I concatenating? I am getting a string and an int input ..... I also fixed the table name confusion; I don't need to join as it's the same table. – Sai Shekhar May 26 '17 at 13:19
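
The parameterized query recommended in point 3 of the answer, as an added example that is not code from the original thread. The table and column names come from the question; the JDBC URL, the class and method names, and the sample inputs are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class TeacherLogin {
    // Assumed connection settings (placeholders, not taken from the thread).
    private static final String URL = "jdbc:mysql://localhost:3306/Database_Name";
    private static final String DB_USER = "root";
    private static final String DB_PASS = "";

    // Both values are bound as parameters, so quotes or SQL keywords inside
    // them are handled as data and cannot change the structure of the query.
    private static final String LOGIN_SQL =
        "SELECT UserName FROM teacher_info WHERE UserName = ? AND password = ?";

    /** Returns true if a row in teacher_info matches the given credentials. */
    static boolean credentialsMatch(Connection con, String userName, String password)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, userName);
            // If the password column is numeric, bind it with setInt instead.
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        String userName = "O'Brien"; // constructed sample input containing a quote
        String password = "1234";    // constructed sample input
        // try-with-resources closes the connection; a failed connection attempt
        // is reported as an SQLException here rather than leaving a null reference.
        try (Connection con = DriverManager.getConnection(URL, DB_USER, DB_PASS)) {
            boolean ok = credentialsMatch(con, userName, password);
            System.out.println(ok ? "login accepted" : "login rejected");
        } catch (SQLException e) {
            System.err.println("database error: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

The sample user name contains a single quote, which would break the concatenated query from the question but is passed through unchanged as a bound parameter here.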