SQL statement in Java DAO method is not checking if user exists properly
I have a DAO method in Java which looks like this:

```java
private boolean validateUser(String email, String username) throws SQLException {
    return stmt.execute(
        "SELECT NOT EXISTS" +
        "(SELECT id from Math_Hub.Users_Information " +
        "WHERE username = '" + username + "' OR email = '" + email + "')");
}
```
The method returns true even if the username already exists in the database. Why is that?

I tried to test it by hand with the following SQL statement:

```sql
SELECT NOT EXISTS
(SELECT id from Math_Hub.Users_Information
WHERE username = 'Eren' OR email = '[email protected]')
```

This worked perfectly.
Solution 1:[1]
NOT EXISTS always returns 1 if no row matches in the where clauses. Either use EXISTS, or you can go with a select query and later check if anything is received in the result set (select * or select count(*)).
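
An added example, not part of the original question or answer: `Statement.execute` returns `true` whenever the statement produces a `ResultSet`, which every `SELECT` does, so the 1 or 0 has to be read from the result set itself. The sketch keeps the question's table and column names and binds the inputs with a `PreparedStatement` instead of concatenating them into the SQL string; the `UserDao` class, the caller-supplied `Connection` and the command-line arguments are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Hypothetical DAO class; table and column names are taken from the question.
public class UserDao {
    private static final String SQL =
        "SELECT NOT EXISTS (SELECT id FROM Math_Hub.Users_Information "
        + "WHERE username = ? OR email = ?)";

    private final Connection conn;

    public UserDao(Connection conn) {
        this.conn = conn;
    }

    /** Returns true only when neither the username nor the email is already stored. */
    public boolean validateUser(String email, String username) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            // Bound parameters: input such as O'Brien stays data and cannot change the query.
            ps.setString(1, username);
            ps.setString(2, email);
            try (ResultSet rs = ps.executeQuery()) {
                // execute() would only report that a ResultSet exists;
                // the answer is the value in its first column (1 or 0).
                if (!rs.next()) {
                    throw new SQLException("NOT EXISTS query returned no row");
                }
                return rs.getBoolean(1);
            }
        }
    }

    // Assumed usage: args = JDBC URL, email, username (JDBC driver on the classpath).
    public static void main(String[] args) throws SQLException {
        if (args.length != 3) {
            System.err.println("usage: UserDao <jdbc-url> <email> <username>");
            return;
        }
        try (Connection c = DriverManager.getConnection(args[0])) {
            System.out.println(new UserDao(c).validateUser(args[1], args[2]));
        }
    }
}
```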
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Chetna R |
