50894 ERROR reading: Incorrect syntax near the keyword 'user' when tries to select query to compare the username and password

  public void login(String name,String password) throws SQLException{
    try {
    } catch (ClassNotFoundException ex) {
        Logger.getLogger(SocketServer.class.getName()).log(Level.SEVERE, null, ex);
    java.sql.Connection conn = DriverManager.getConnection("jdbc:sqlserver://;"+"user=looi963;password=1234;database=user");
    PreparedStatement state=conn.prepareStatement("Select username,password from user where username=? and password = ?");
    state.setString(2, password );
    int count = state.executeUpdate();
        System.out.println("Successful login");

  • SQL Server, connection pools vs static connection for special cases
  • Hundreds of aliases/synonyms vs database tables' fully qualified names
  • Does column ordering affects performance in Microsoft SQL Server 2012?
  • Why do you create a View in a database?
  • Connect to database from sqlcmd
  • Can I remove sa login from SQL server?
  • 2 Solutions collect form web for “50894 ERROR reading: Incorrect syntax near the keyword 'user' when tries to select query to compare the username and password”

    Protect the identifier as USER is a reserved keyword and it cannot be used “bare”. Consider the following which uses the []-quotes (""-quotes would also work);

    Select username,password from [user] where username = ? and password = ?

    This error is fairly common (for different reserved words) – make sure to consult the manual. Ideally, I would name the tables and columns such that they are not any of the reserved keywords.

    Also, change executeUpdate() to executeQuery() because it’s a SELECT operation.

    It may also be prudent to switch to a user table that does not store the plain-text passwords.. the problem with plain-text passwords is two-fold;

    • an unauthorized read on the table instantly compromises all accounts, and;
    • people often reuse passwords which can make their other accounts (eg. email, bank) vulnerable.

    As you are using a select query replace this

    state.executeUpdate(); with ResultSet rs = state.executeQuery()

    then check if records exists with the specified username and password like this

    if (!rs.next() ) {
        System.out.println("Not valid username and password");
    } else {
        do {
            System.out.println(rs.getString(1)+"  "+
        } while (resultSet.next());
    MS SQL Server is a Microsoft SQL Database product, include sql server standard, sql server management studio, sql server express and so on.