You're going to need a better question than "please help". Just posting the code tells us nothing about what your problem is. Could I suggest that you read our FAQ entry ItDoesntWorkIsUseless (<-- click on that link) and, based on what you read there, post a description of your problem?
That's not how you should ask a question on a forum! The more information you provide, the easier it is for people to answer your questions (and the more useful the answers will be). You should always TellTheDetails. And here you'll find how you should ask questions on CodeRanch.
Based on the code snippet you have posted, I can already provide 2 remarks:
1/ you should always use prepared statements wherever possible to avoid SQL injection attacks (like Tim's post illustrates). You can find more info on SQL injection here and on prepared statements here.
2/ there's an error in the WHERE clause: to combine different conditions you should use AND or OR, not a comma. So it should beAs you can see, I've already introduced the appropriate syntax to use a prepared statement :)
That's very hard to do if you don't TellTheDetails. You don't provide any stack trace of a possible exception or explain the problem/issue you are having. It's the second time in this topic that you are asked to do so. You can't expect that people will try to execute your code to see what's wrong. Next time such a question will probably be left unanswered! Luckily for you, it's a pretty obvious error (which is easy to fix too )
You are executing this querySo your result set (rows returned by this query) will contain only the column password. The statementtries to get the value for the column username, but this column does not exist in the result set. That's why you get the "column not found" exception.
And please update your code to use prepared statements to avoid SQL injection (as mentioned in my previous post as well).