Consider two statements that I may want to send to my server from Java.
Simple SQL: This is a typically insert statement.
insert into table_things (thing_1_value, thing_2_value) values(?, ?);
PlPgSQL: I want to avoid round-trips to the database by doing some login in the database. We are not allowed to use stored procedures or functions in the database (the reasons are seem valid).
do $$
declare
my_thing1 varchar(100) = ?;
my_thing2 varchar(100) = ?;
begin
insert into table_things
(
thing_1_value
, thing_2_value
)
values
(
my_thing1
, my_thing2
)
;
end
$$;
The code that executes these statements is represented below in Java8 test cases:
package com.somecompany.someservice.test.database;
import org.apache.commons.dbcp2.BasicDataSource;
import org.junit.Assert;
import org.junit.Test;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Types;
public class PreparedStatementDatabaseTest {
private static final String CONNECTION_URI = "jdbc:postgresql://localhost:5432/somedb?user=someuser&password=somepass";
private static final String PLPGSQL_STATEMENT = "" +
"do $$\n" +
"declare\n" +
" my_thing1 varchar(100) = ?;\n" +
" my_thing2 varchar(100) = ?;\n" +
"begin\n" +
" insert into table_things\n" +
" (\n" +
" thing_1_value\n" +
" , thing_2_value\n" +
" )\n" +
" values\n" +
" (\n" +
" my_thing1\n" +
" , my_thing2\n" +
" )\n" +
" ;\n" +
"end\n" +
"$$;";
private static final String EASY_SQL_STATEMENT = "insert into table_things (thing_1_value, thing_2_value) values(?, ?);";
#Test
public void testPlpgsqlStatement() throws Exception {
Class.forName("org.postgresql.Driver");
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(CONNECTION_URI);
Connection conn = basicDataSource.getConnection();
PreparedStatement statement = conn.prepareStatement(PLPGSQL_STATEMENT, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
statement.setObject(1, "hello", Types.VARCHAR);
statement.setObject(2, "world", Types.VARCHAR);
boolean isResultSet = statement.execute();
conn.close();
Assert.assertFalse(isResultSet);
}
#Test
public void testEasySqlStatement() throws Exception {
Class.forName("org.postgresql.Driver");
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(CONNECTION_URI);
Connection conn = basicDataSource.getConnection();
PreparedStatement statement = conn.prepareStatement(EASY_SQL_STATEMENT, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
statement.setObject(1, "hello", Types.VARCHAR);
statement.setObject(2, "world", Types.VARCHAR);
boolean isResultSet = statement.execute();
conn.close();
Assert.assertFalse(isResultSet);
}
}
testEasySqlStatement works, but testPlpgsqlStatement throws an exception:
org.postgresql.util.PSQLException: The column index is out of range: 1, number of columns: 0.
at org.postgresql.core.v3.SimpleParameterList.bind(SimpleParameterList.java:65)
at org.postgresql.core.v3.SimpleParameterList.setStringParameter(SimpleParameterList.java:128)
at org.postgresql.jdbc.PgPreparedStatement.bindString(PgPreparedStatement.java:996)
at org.postgresql.jdbc.PgPreparedStatement.setString(PgPreparedStatement.java:326)
at org.postgresql.jdbc.PgPreparedStatement.setObject(PgPreparedStatement.java:528)
at org.postgresql.jdbc.PgPreparedStatement.setObject(PgPreparedStatement.java:881)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.setObject(DelegatingPreparedStatement.java:185)
at org.apache.commons.dbcp2.DelegatingPreparedStatement.setObject(DelegatingPreparedStatement.java:185)
at com.somecompany.someservicetest.database.PreparedStatementDatabaseTest.testPlpgsqlStatement(PreparedStatementDatabaseTest.java:44)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Question: how can I send code like PLPGSQL_STATEMENT to the Postgres database?
I could do this, but it is bad practice due to SQL Injection risk:
#Test
public void testSqlInjectionRisk() throws Exception {
String hello = "hello-testSqlInjectionRisk";
String world = "world-testSqlInjectionRisk";
String PLPGSQL_STATEMENT = "" +
"do $$\n" +
"declare\n" +
" my_thing1 varchar(100) = '" + hello + "';\n" +
" my_thing2 varchar(100) = '" + world + "';\n" +
"begin\n" +
" insert into table_things\n" +
" (\n" +
" thing_1_value\n" +
" , thing_2_value\n" +
" )\n" +
" values\n" +
" (\n" +
" my_thing1\n" +
" , my_thing2\n" +
" )\n" +
" ;\n" +
"end\n" +
"$$;";
Class.forName("org.postgresql.Driver");
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(CONNECTION_URI);
Connection conn = basicDataSource.getConnection();
PreparedStatement statement = conn.prepareStatement(PLPGSQL_STATEMENT, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
boolean isResultSet = statement.execute();
conn.close();
Assert.assertFalse(isResultSet);
Question Restated: Is there a problem with the way I am trying to prepare PLPGSQL_STATEMENT? Can PLPGSQL_STATEMENT be prepared?
Update: #Izruo pointed out that I should be using prepareCall, and this seems to be part of the answer. But unfortunately, the following code fails with the same exception:
#Test
public void testEasySqlStatement2() throws Exception {
final String SQL_STATEMENT = "" +
"do $$\n" +
"declare\n" +
" x varchar(100) = ?;\n" +
" y varchar(100) = ?;\n" +
"begin\n" +
" insert into table_things\n" +
" (\n" +
" my_thing1\n" +
" , my_thing2\n" +
" )\n" +
" values\n" +
" (\n" +
" x\n" +
" , y\n" +
" )\n" +
" ;\n" +
"end\n" +
"$$;";
Class.forName("org.postgresql.Driver");
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(CONNECTION_URI);
System.out.println(SQL_STATEMENT);
Connection conn = basicDataSource.getConnection();
CallableStatement statement = conn.prepareCall(SQL_STATEMENT);
statement.setObject(1, "hello", Types.VARCHAR);
statement.setObject(2, "world", Types.VARCHAR);
boolean isResultSet = statement.execute();
conn.close();
Assert.assertFalse(isResultSet);
If I copy the sql statement printed by System.out.println(SQL_STATEMENT); into DataGrip (A database IDE by JetBrains) and run it, then DataGrip asks for me to fill in two parameter values (for the two question marks) and successfully runs the sql statement. In other words, the plpgsql code is syntactically valid (once the params are replaced).
It seems there are three possibilities here, and I cannot tell which is true:
This functionality (creating a CallableStatement/PreparedStatement with plpgsql variables in it) is unsupported.
This functionality is supported but I am doing it wrong.
The functionality is supported, I am using it correctly, but there is a bug.
You cannot call a dynamic procedure directly.
You must first create the procedure (manually or dynamically via a Statement call) and then call the procedure by name.
Statement stmt = conn.createStatement();
stmt.execute("CREATE OR REPLACE FUNCTION myfunc(x text, y text) RETURNS refcursor AS '"
+ "do $$\n"
+ "begin\n"
+ " insert into table_things\n"
+ " (\n"
+ " my_thing1\n"
+ " , my_thing2\n"
+ " )\n"
+ " values\n"
+ " (\n"
+ " x\n"
+ " , y\n"
+ " )\n"
+ " ;\n"
+ "end\n"
+ "$$;"
+ "' language plpgsql");
stmt.close();
// We must be inside a transaction for cursors to work.
conn.setAutoCommit(false);
// Procedure call.
CallableStatement proc = conn.prepareCall("{ call myfunc(?,?)}");
CallableStatement statement = conn.prepareCall(SQL_STATEMENT);
statement.setObject(1, "hello", Types.VARCHAR);
statement.setObject(2, "world", Types.VARCHAR);
try (Connection con = DriverManager.getConnection(dbConnectionString, user, password);
Statement st = con.createStatement();
ResultSet rs = st.executeQuery("SELECT * FROM public.\"Airplanes\" ")) {
while (rs.next()) {
//use result
}
} catch (SQLException ex) {
//handle exception
}
return results;
}
Although Mạnh Quyết Nguyễn's answer is on the right track, it is devoid of an explanation and the suggested workaround is not viable in my case (most cases, I would think).
I received an authoritative answer from postgresql.org.
you attempted to add question marks to a location where they are not interpreted as parameters.
Basically you wrote:
SELECT 'let me say ? ? to you';
Which is a perfectly valid query that has zero input parameters and
will return:
"let me say ? ? to you"
It has no input parameters because the question marks you wrote are
inside a string literal.
The $$...$$ in your DO statement also denote a string literal.
This is unfortunate, as far as I can tell it means the entire PL/pgSQL language is off-limits if you need to pass parameters into that PL/pgSQL code. (Unless, of course, you compile PL/pgSQL procedures or functions either on the fly or as part of schema development). Looks like I cannot send a PL/pgSQL 'script' to the database along with parameters.
Related
I have the following code:
try {
userPasswordNew = new String(ChangePW.passwordFieldconfirm.getPassword());
PreparedStatement prepStmt = connection.prepareStatement(
"UPDATE " + TABLE_NAME + " SET password = " + userPasswordNew + " WHERE username = " + username);
prepStmt.setString(2, BCrypt.hashpw(userPasswordNew, BCrypt.gensalt(bcryptRounds))); //2 represents number of column in database starting with 0
System.out.println(prepStmt);
return prepStmt.executeUpdate() != 0;
} catch (SQLException e) {
e.printStackTrace();
}
I tried 1 2 and 3 as indexes but everytime it throws an Index out of range exception. Is there another way to get the column, maybe adressed with its name? Or what am I doing wrong?
Could somebody please help?
To use prepared statements - please use ? instead provided values. Like in this sample:
String updateString =
"update " + dbName + ".COFFEES " +
"set SALES = ? where COF_NAME = ?";
updateSales = con.prepareStatement(updateString);
To get more, please look here. In your case that could be:
PreparedStatement prepStmt = connection.prepareStatement(
"UPDATE " + TABLE_NAME + " SET password = ? WHERE username = ?");
prepStmt.setString(1, "that new password");
prepStmt.setString(2, "user_name");
I assume password and username are textual values. Hence you will have to enclose the values by quotes.
That is the query will be
"UPDATE " + TABLE_NAME + " SET password = " + userPasswordNew + " WHERE username = " + username
Also, as you are using PreparedStatement, you must not mention the variables in the query. A neater approach would be to use ? instead. Something like this.
"UPDATE " + TABLE_NAME + " SET password = ? WHERE username = ?
And then use .setString() etc methods with userPasswordNew and username.
Check this, https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
When you use PreparedStatement, you define the parameters to pass in the sql statement by placing 1 or more ?.
Then you pass values to these parameters with methods like setString(), setInt(),... The order of the parameters is not 0 based but 1 based.
try {
userPasswordNew = new String(ChangePW.passwordFieldconfirm.getPassword());
PreparedStatement prepStmt =
connection.prepareStatement("UPDATE " + TABLE_NAME +" SET password = ? WHERE username = ?");
prepStmt.setString(1, userPasswordNew);
prepStmt.setString(2, username);
System.out.println(prepStmt);
return prepStmt.executeUpdate() != 0;
} catch (SQLException e) {
e.printStackTrace();
}
In your code there is this line:
prepStmt.setString(2, BCrypt.hashpw(userPasswordNew, BCrypt.gensalt(bcryptRounds)));
I don't know if this is a parameter that you want to pass.
If it is I can't see a ? placeholder in the sql statement.
I'm trying to creat a table in sqlight. I use the following code
// this will now through a exception becouse the table allready exist
sql = "CREATE TABLE IF NOT EXISTS exchangesd (\n"
+ " id integer PRIMARY KEY,\n"
+ " name text ,\n"
+ " publickey ,\n"
+ " privetkey L,\n"
+ " phrase ,\n"
+ ");";
stmt.execute(sql);
The line stmt.execute(sql); generates a exception with the message
"org.sqlite.SQLiteException: [SQLITE_ERROR] SQL error or missing database (near ")": syntax error)"
code:
void test()
{
ted++;
try {
Connection c = null;
Class.forName("org.sqlite.JDBC");
c = DriverManager.getConnection("jdbc:sqlite:ted.db");
Statement stmt = null;
stmt = c.createStatement();
String sql;
// this will now through a exception becouse the table allready exist
sql = "CREATE TABLE IF NOT EXISTS exchangesd (\n"
+ " id integer PRIMARY KEY,\n"
+ " name text ,\n"
+ " publickey ,\n"
+ " privetkey L,\n"
+ " phrase ,\n"
+ ");";
stmt.execute(sql); // EXCEPTION GOES OF HEAR
sql = "INSERT INTO exchangesd (name, publickey, privetkey, phrase ) " +
"VALUES ('exchangea', publickkeya, 'privet keya', 'phasea' );";
stmt.executeUpdate(sql);
}catch(Exception e)
{
ted++;
}
}
You have extra , here:
+ " phrase ,\n"
+ ");";
and the SQL parser fails when seeing the following ) when it is syntactically not possible.
I'm coding some database transactions by using java. I'm sending a query using java. I think it has no problem with it. And if I send the query at prompt, it is working.
This method is updating book quantity.
private static void updateBquantity(int bqt, String bname) {
Connection con = makeConnection();
try {
Statement stmt = con.createStatement();
System.out.println(bqt + " " +bname);
//this part is making problem
stmt.executeUpdate("update books set bookquantity = bookquantity -" + bqt + "where bookname = '" + bname + "';");
System.out.println("<book quantity updated>");
} catch (SQLException e) {
System.out.println(e.getMessage());
System.exit(0);
}
stmt.executeUpdate("update books set bookquantity = bookquantity -" + bqt + "where 도서이름 = '" + bname + "';");
This part is making problem.
Other queries using this form is working.
The compiler says :
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'bookname = 'Davinci Code'' at line 1
Help me.
I'm confused with bookname = 'Davinci Code, where is bookname in your query? No matter what, in this query, you missed a blank before where, try this:
stmt.executeUpdate("update books set bookquantity = bookquantity -" + bqt + " where 도서이름 = '" + bname + "';");
I have a customer that needs a large number of updates done in the database. I have finished trying to persuade them this can be done more cleanly. They want to run a select statement with a "for update nowait" on a select row and then you they want to run the update statement. I have tried this a number of ways but I am getting errors.
String selectQuery = " Select * from " + table + " where column=\'" + column + "\' FOR UPDATE NOWAIT";
String updateQuery = " UPDATE " + table + " SET newcolumn = \'" + newValue + "\' WHERE column = \'" + column + "\' ";
Connection connection = null;
try
{
connection = DriverManager.getConnection(dbURL, dbUsername, dbPassword);
Statement stmt = connection.createStatement();
stmt.addBatch(selectQuery);
stmt.addBatch(updateQuery);
stmt.addBatch(commit);
int [] updateCounts = stmt.executeBatch();
stmt.close();
}
This gets exception:
invalid batch command: invalid SELECT batch command 0
26736 [Thread-11_DataConversion] ERRORDTL - [1424462365738]java.sql.BatchUpdateException: invalid batch command: invalid SELECT batch command 0
at oracle.jdbc.driver.OracleStatement.executeBatch(OracleStatement.java:4462)
at oracle.jdbc.driver.OracleStatementWrapper.executeBatch(OracleStatementWrapper.java:213)
at .BatchTokenizationAgent.executeJob(BatchTokenizationAgent.java:246)
at com.yantra.ycp.agent.server.YCPAbstractAgent.executeOneJob(YCPAbstractAgent.java:392)
at com.yantra.ycp.agent.server.YCPAbstractAgent.processMessage(YCPAbstractAgent.java:294)
at com.yantra.ycp.agent.server.YCPAbstractAgent.run(YCPAbstractAgent.java:160)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
I have also tried:
String selectQuery = " Select * from " + table + " where column=\'" + column + "\' FOR UPDATE NOWAIT; UPDATE " + table + " SET newcolumn = \'" + newValue + "\' WHERE column = \'" + column + "\' ";
Connection connection = null;
try
{
connection = DriverManager.getConnection(dbURL, dbUsername, dbPassword);
Statement stmt = connection.createStatement();
stmt.execute(selectQuery);
stmt.execute(updateQuery);
stmt.close();
}
This gets exception:
java.sql.SQLSyntaxErrorException: ORA-00911: invalid character
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:395)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:802)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:436)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:521)
at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:194)
at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:853)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1145)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1267)
Can someone please point in the correct direction? Thank you so much. This is to be one time job and just needs to work with minimum work needed.
`I am having a problem with doing a PreparedStatement for Java ODBC MySQL. It seems to be cutting off the query, and giving a syntax error. I am not sure how to proceed, as I am only learning Java SQL at this point. I can't really do a self contained example because the problem involves databases, and it would get quite big.
The code with the problem is this..
public void insertEntry(
Hashtable<String, String> strings,
Hashtable<String, Integer> integers,
Date created, Date paid, boolean enabled)
throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.jdbc.Driver");
String dburl = "jdbc:mysql://" + dbHost + "/" + dbName +
"?user=" + dbUser + "&password=" + dbPass;
connect = DriverManager.getConnection(dburl);
ps = connect.prepareStatement("INSERT INTO " + dbName + ".users INSERT " +
"enabled=?, username=?, created=?, paid=?, alias=?, password=?, " +
"email=?, bitmessage=?, torchat=?, reputation=?," +
"privacy=?, fpmport=?, fpm-template=? ;");
java.sql.Date SQLcreated = new java.sql.Date(created.getTime());
java.sql.Date SQLpaid = new java.sql.Date(paid.getTime());
System.out.println("Debug: SQLpaid = " + SQLpaid.toString());
ps.setBoolean(1, enabled);
ps.setString(2, strings.get("username"));
ps.setDate(3, SQLcreated);
ps.setDate(4, SQLpaid);
ps.setString(5, strings.get("alias"));
ps.setString(6, strings.get("password"));
ps.setString(7, strings.get("email"));
ps.setString(8, strings.get("bitmessage"));
ps.setString(9, strings.get("torchat"));
ps.setInt(10, integers.get("reputation"));
ps.setInt(11, integers.get("privacy"));
ps.setInt(12, integers.get("fpmport"));
ps.setString(13, strings.get("fpm-template"));
ps.executeUpdate();
ps.close();
connect.close();
resultSet.close();
}
I get the following output when trying to use this method...
Debug: SQLpaid = 1990-03-21
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorEx ception: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT enabled=0, username='default_username', created='2000-03-21', paid='1990-' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInsta nce0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInsta nce(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newI nstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Construc tor.java:532)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:41 1)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLErro r.java:1054)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.ja va:4237)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.ja va:4169)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:26 17)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java :2778)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionIm pl.java:2834)
at com.mysql.jdbc.PreparedStatement.executeInternal(P reparedStatement.java:2156)
at com.mysql.jdbc.PreparedStatement.executeUpdate(Pre paredStatement.java:2441)
at com.mysql.jdbc.PreparedStatement.executeUpdate(Pre paredStatement.java:2366)
at com.mysql.jdbc.PreparedStatement.executeUpdate(Pre paredStatement.java:2350)
at database.Users.insertEntry(Users.java:297)
at test.dbUsers.main(dbUsers.java:95)
i think your doing some mistake in your code:
these are following as:
1. your mention INSERT and you should must change like SET
2. your adding the ;in your SQL Query you should remove that.
your code:
ps = connect.prepareStatement
("INSERT INTO " + dbName + ".users INSERT " #look here error to change 'set' +
"enabled=?, username=?, created=?, paid=?, alias=?, password=?, " +
"email=?, bitmessage=?, torchat=?, reputation=?," +
"privacy=?, fpmport=?, fpm-template=? ; " #remove this semicolon(;));
you should must change like as:
ps = connect.prepareStatement
("INSERT INTO " + dbName + ".users SET " +
"enabled=?, username=?, created=?, paid=?, alias=?, password=?, " +
"email=?, bitmessage=?, torchat=?, reputation=?," +
"privacy=?, fpmport=?, fpm-template=? ");
Change:
INSERT INTO " + dbName + ".users INSERT "
To:
INSERT INTO " + dbName + ".users SET "
Refer to:
MySQL: INSERT Syntax
INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE]
[INTO] tbl_name
[PARTITION (partition_name,...)]
SET col_name={expr | DEFAULT}, ...
[ ON DUPLICATE KEY UPDATE
col_name=expr
[, col_name=expr] ... ]