Why is this query rs=st.executeQuery(query); not executed to select a table from database?
String gender = request.getParameter("gender");
if
"select * from ' " +table+ " ' where username like '"+name+"' AND password like '"+abc+"'"
You should call the value of the column in the following format:
' " + variablename + " '
You are missing a space here in the string:
"select * from " +table+ " where username like '"+name+"' AND password like '"+abc+"'"
Add that space in the first string and you would have the right query. And then try again.
And also you should not use String concatenation for SQL, as it is vulnerable to SQL injection attacks. Instead use query parameters.
For more information on how to do that read here:
http://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement
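
The query from this thread rewritten with query parameters, as an added example that is not part of the original posts. The class name LoginQuery and the table names users and admins are assumptions; the caller is assumed to supply an open JDBC Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class LoginQuery {
    // Assumed table names for illustration; the thread never names the tables.
    private static final Set<String> ALLOWED_TABLES = Set.of("users", "admins");

    // A table name is an identifier and cannot be bound with '?', so it is
    // checked against a fixed allowlist before it is placed in the SQL text.
    // '=' replaces LIKE so that % and _ in the input are not wildcards.
    static String buildSql(String table) {
        if (!ALLOWED_TABLES.contains(table)) {
            throw new IllegalArgumentException("unknown table: " + table);
        }
        return "SELECT * FROM " + table + " WHERE username = ? AND password = ?";
    }

    // The values are bound as parameters and never concatenated into the SQL,
    // so quotes in name or password cannot change the statement's structure.
    static boolean credentialsMatch(Connection con, String table,
                                    String name, String password) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(buildSql(table))) {
            ps.setString(1, name);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // true when at least one row matches
            }
        }
    }

    public static void main(String[] args) {
        // Runs without a database: shows the SQL text and the allowlist check.
        System.out.println(buildSql("users"));
        try {
            buildSql("not_a_table"); // constructed input outside the allowlist
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```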