I am trying to make a Java program that checks usernames and passwords against my database, and currently the code throws an error stating:
Multiple markers at this line
- The operator * is undefined for the argument type(s) java.lang.String, java.lang.String
- Syntax error on token "passedpassword", * expected
Here is the code:

    public class Authenticate {
        public static void AuthorizeUser(String passedusername, char[] passedpassword) {
            DBConnector.Connect();
            Statement stmt = null;
            try {
                if (passedusername != null && passedpassword !=null) {
                    String sql = "Select * from users_table Where username='" + passedusername + "' and password='"passedpassword "'";
                    ResultSet rs = stmt.executeQuery(sql);
                    if( rs.next()){
                        //in this case enter when at least one result comes it means user is valid
                        System.out.println("user valid");
                    } else {
                        //in this case enter when result size is zero it means user is invalid
                        System.out.println("User Fraudulent");
                    }
                }
                //You can also validate user by result size if its comes zero user is invalid else user is valid
            } catch (SQLException err) {
                System.out.println(err.getMessage());
            }
            DBConnector.Close();
        }
    }

I know it is probably a small and simple mistake, but I'm fairly new to JDBC and Java and I cannot figure it out.
Edit: Question resolved; I was missing two +. Upon correction of the original error, a NullPointerException is thrown due to the fact that stmt is null. This will be fixed later, as I am working to solve an error that is caused by me defining stmt as:
Statement stmt = null;
conn = DBConnector.conn;
The error given is:
Type mismatch: cannot convert from java.sql.Statement to com.mysql.jdbc.Statement
I have also been informed that I should use PreparedStatement to prevent SQL injection.

Please try this.
You should use passedpassword between '"+ +"'"
String sql = "Select * from users_table Where username='" + passedusername + "' and password='"+passedpassword+"'";
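
The PreparedStatement approach mentioned in the question's edit, as an added example that is not part of the original posts. The class name AuthenticateExample, the method isValidUser, and the JDBC URL passed in args[0] are assumptions; the table and column names are the ones from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
// All JDBC types come from java.sql; importing com.mysql.jdbc.Statement instead
// is what produces the "Type mismatch" error quoted in the question.

public class AuthenticateExample {

    // Returns true when a row matches both values. The ? placeholders are bound
    // as data, so quotes in the input cannot change the structure of the query.
    static boolean isValidUser(Connection conn, String username, char[] password)
            throws SQLException {
        if (username == null || password == null) {
            return false;
        }
        // Assumption: the password column holds the value being compared, as in
        // the question; a production table would store a password hash instead.
        String sql = "SELECT 1 FROM users_table WHERE username = ? AND password = ?";
        // try-with-resources creates the statement from the connection (never
        // null) and closes it and the result set on every path.
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            // Convert explicitly: concatenating a char[] into a String uses the
            // array's toString(), not its characters.
            ps.setString(2, new String(password));
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database containing
        // users_table, and the matching driver is on the classpath.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed input: the quote in the name is matched literally.
            char[] pw = "example-password".toCharArray();
            boolean ok = isValidUser(conn, "o'brien", pw);
            System.out.println(ok ? "user valid" : "User Fraudulent");
        }
    }
}
```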