I am facing a problem while executing this sql query. The variable combo_sel doesn't seem to be replaced in the sql query.
Could you help me find the error?
String combo_sel = String.valueOf(station_type.getSelectedItem());
sql="Select reporting_date as REPORTING_DATE,for_date as FOR_DATE,outage_date as OUTAGE_DATE,outage_time as OUTAGE_TIME,stat_detail as STATION_DETAILS,res_date as RESTORATION_DATE,rest_time as RESTORATION_TIME,rest_reason as RESTORATION_REASON from " + table_sel+" where for_date='" + date1 + "' and stat_detail ="+ combo_sel ;
Related
I am trying to execute a select query from Java, the tricky part is that both the condition and the column have a String with spaces :
String query = "select rule_name "+
" from rules " +
" where rule_name = " m_rule; //rule_name = str tf //m_rule = str tf
So the query output :
select rule_name
from rules
where rule_name = str tf
The error code - ORA-00920 - I belive it is because of the spaces.
Is there any way to fix this?
The error that you are facing basically means :
ORA-00920: invalid relational operator
This is the blank that is causing the issue. Your Java code should enclose the conditional parameter in quotes:
String query = "select rule_name "+
" from rules " +
" where rule_name = '" + m_rule + "'";
Hope this will help!
I want to insert some data into a table named USERLOGIN and be sure that no duplicate data will be inserted.
I wrote this code as my insert quesry in a java program:
String sql = "INSERT INTO USERLOGIN (" + "deleted," + "loginTime," + "userIpAddress," + "username)" + "VALUES(?,?,?,?)"+ "WHERE "+"? NOT IN (SELECT loginTime FROM USERLOGIN )";
I want to check duplicate entries based on loginTime property.
However when I run my code I got this error: You have an error in your sql syntax
Could you please help me with this problem. I really appreciate that.
use this query :-
String sql = "INSERT INTO USERLOGIN (deleted, loginTime, userIpAddress, username) " + "VALUES(?,?,?,?) " + "WHERE "+"? NOT IN (SELECT loginTime FROM USERLOGIN )";
We're using JdbcTemplate to modify our underlying Oracle database. We're doing this by way of the update(String sql) method.
The code looks somehow like the following:
String name = "My name's yellow";
String sql = "update FIELD set NAME = '" + name "' where ID = 10
jdbcTemplate.update(sql);
This causes the error:
java.sql.SQLException: ORA-00933: SQL command not properly ended
The problem is the unescaped ' in the name variable.
What's the most convenient and correct way to escape this character?
Use PreparedStatement. That way you nominate a placeholder and the JDBC driver will perform this correctly by sending the database the statement, plus the parameters as arguments.
String updateStatement =
"update " + dbName + ".COFFEES " +
"set TOTAL = TOTAL + ? " +
"where COF_NAME = ?";
PreparedStatement updateTotal = con.prepareStatement(updateStatement);
updateTotal.setInt(1, e.getValue().intValue());
updateTotal.setString(2, e.getKey());
The question marks in the above represent the placeholders.
Because these values get passed as parameters, you don't have problems with quoting, and it protects you against SQL injection too.
Try for name :
if ( name.contains("'") ){
name.replaceAll("'", "''");
}
this is my sql statement in java.
//validating for employee no exits in database or not
String importTable = getConfig().getImportTable();
String sql = "update "
+ importTable
+ " set errMsg = case when errMsg is null or errMsg ='' then '' else errMsg + '<br>' end "
+ "+ 'Employeeno doesn't exists in the database.(' + employeeno + ')' "
+ " where employeeno is not null and not exists (select * from uae_empinfo where employee = "
+ importTable + ".cid)";
executeCommand(sql);
this is the error:-
org.springframework.dao.DataIntegrityViolationException: StatementCallback; SQL []; Invalid SQL statement or JDBC escape, terminating ''' not found.; nested exception is java.sql.SQLException: Invalid SQL statement or JDBC escape, terminating ''' not found.
Your problem is that you have an embedded single quote here:
+ "+ 'Employeeno doesn't exists in the database.(' + employeeno + ')' "
// -------------------^
So you end up with unbalanced single quotes and invalid SQL. You need to properly escape your text before trying to turn it into SQL.
You need to use PreparedStatement, instead.
I am trying to run a query in java that uses a java.sql.Timestamp object as the date to compare with in the where clause.
Here is how the query string that is built in Java
String getTransactionsSQL = "Select transaction_seq " +
"From transactions ct " +
"Where id = 'ABCD'" +
"And ct.out_msg_timestamp" +
"<= to_date('" + parseDate.getTimeStamp() +"','YYYY-MM-DD HH:MI:SS..')" +
"order by transaction_seq";
The statement parseDate.getTimeStamp() returns a java.sql.TimeStamp object that contains a date. Here is an example output of System.out.println(parseDate.getTimeStamp());
2011-03-07 05:47:57.0
When i run the above query i get this error
java.sql.SQLException: ORA-01843: not a valid month
Any clues?
Use PreparedStatement: http://download.oracle.com/javase/6/docs/api/java/sql/PreparedStatement.html
Never use string concatenation to pass arguements to SQL commands (security risk: SQL injection)!