The syntax that from the java code is not applicable to mysql. The setString() from java will come out with ' and not ` which is not accepted in mysql.
I tried in my localhost to run the code, it really not accepting 'doctor' and only accept ``doctor`.
Below are my code:
PreparedStatement ps = con.prepareStatement("SELECT id FROM ? WHERE id = ?");
ps.setString(1, "doctor");
ps.setInt(2, 123);
ResultSet rs = ps.executeQuery();
and there is an error
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''doctor' WHERE id = 123' at line 1
It's because your code produces following query:
SELECT id FROM 'doctor' WHERE id = 123
As you can see table name is used as a String which is invalid SQL Syntax, so you can either hard code table name and or if you really want it to be dynamic you can achieve it like:
String sql = String.format("SELECT id from %s where id = ?", tblName);
PreparedStatement ps = con.prepareStatement(sql);
ps.setInt(1, 123);
ResultSet rs = ps.executeQuery();
Related
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");
When using special character in MySql query :
String query = "select ID,Age,Income (k$),Score (1-100) from employee";
PreparedStatement statement = connection.prepareStatement(query);
ResultSet resultSet = statement.executeQuery();
getting following error:
java.sql.SQLException: Bad format for number 'ID,Age,Income (k$),Score (1-100)' in column 1.
Get resolved by adding `` to each column like "select ID,Age,Income (k$),Score (1-100) from employee"
I've written the following code (snippet):
conn = Pooling.getDataSource().getConnection();
String databaseName = Configuration.getDatabaseName();
String sql = "SELECT * FROM " + databaseName + ".companies WHERE companyemail = ? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, username);
prepStat.setString(2, password);
System.out.println("LoginService: prepStat = " + prepStat.toString());
ResultSet rs = prepStat.executeQuery(sql);
...
Now, when I execute this, I'm getting a MySQLSyntaxErrorException. The prepStat.toString() prints:
SELECT * FROM dbname.companies WHERE companyemail = 'comp#comp.com' AND companypassword = MD5('passwort')
And a simple copy and paste to SequelPro successfully return a result.
However, the backend still claims that there is an error in the syntax:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? AND companypassword = MD5(?)' at line 1
Maybee I'm blind but I do not see an error here? But what is happening here?
Okay, I found out what the problem was. I used:
ResultSet rs = prepStat.executeQuery(sql);
However, I should have used
ResultSet rs = prepStat.executeQuery();
instead.
Try this:
String sql = "SELECT * FROM '" + databaseName + ".companies' WHERE companyemail=? AND companypassword = MD5(?)";
Notice the single quote before the databaseName variable and after .companies . I think that could be the problem.
Or you could do this:
String sql = "SELECT * FROM ? WHERE companyemail =? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, databaseName);
prepStat.setString(2, username);
prepStat.setString(3, password);
I believe the problem is at the level of parsing the databaseName to the prepared statement.
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");
i want to get the Number of Entries in a table in My java Project.
This is my code:
int count = 0;
Statement st = Mysql.con.createStatement();
ResultSet rs= st.executeQuery("select count(*) from keys where spieler =" +p.getName());
while (rs.next()){
count = rs.getInt(1);
}
I am getting following SQLEXCEPTION:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your
SQL syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near 'keys where spieler =Pit910' at line 1
What is worng?
Thanks!
keys is a reserved MySQL keyword which needs to be escaped (either that or ALTER the table to give it a different name). Try this
PreparedStatement preparedStatement =
con.prepareStatement("select count(*) from `keys` where spieler = ?");
preparedStatement.setString(1, p.getName());
ResultSet rs= preparedStatement.executeQuery();
...
Use quotes around text field values,
You can optionally use backtick around field name or use table_name.field_name
ResultSet rs= st.executeQuery("select count(*) from
`keys` where spieler = '" + p.getName() + "' ");