I've written the following code (snippet):
conn = Pooling.getDataSource().getConnection();
String databaseName = Configuration.getDatabaseName();
String sql = "SELECT * FROM " + databaseName + ".companies WHERE companyemail = ? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, username);
prepStat.setString(2, password);
System.out.println("LoginService: prepStat = " + prepStat.toString());
ResultSet rs = prepStat.executeQuery(sql);
...
Now, when I execute this, I'm getting a MySQLSyntaxErrorException. The prepStat.toString() prints:
SELECT * FROM dbname.companies WHERE companyemail = 'comp#comp.com' AND companypassword = MD5('passwort')
And a simple copy and paste to SequelPro successfully return a result.
However, the backend still claims that there is an error in the syntax:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? AND companypassword = MD5(?)' at line 1
Maybee I'm blind but I do not see an error here? But what is happening here?
Okay, I found out what the problem was. I used:
ResultSet rs = prepStat.executeQuery(sql);
However, I should have used
ResultSet rs = prepStat.executeQuery();
instead.
Try this:
String sql = "SELECT * FROM '" + databaseName + ".companies' WHERE companyemail=? AND companypassword = MD5(?)";
Notice the single quote before the databaseName variable and after .companies . I think that could be the problem.
Or you could do this:
String sql = "SELECT * FROM ? WHERE companyemail =? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, databaseName);
prepStat.setString(2, username);
prepStat.setString(3, password);
I believe the problem is at the level of parsing the databaseName to the prepared statement.
Related
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");
The syntax that from the java code is not applicable to mysql. The setString() from java will come out with ' and not ` which is not accepted in mysql.
I tried in my localhost to run the code, it really not accepting 'doctor' and only accept ``doctor`.
Below are my code:
PreparedStatement ps = con.prepareStatement("SELECT id FROM ? WHERE id = ?");
ps.setString(1, "doctor");
ps.setInt(2, 123);
ResultSet rs = ps.executeQuery();
and there is an error
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''doctor' WHERE id = 123' at line 1
It's because your code produces following query:
SELECT id FROM 'doctor' WHERE id = 123
As you can see table name is used as a String which is invalid SQL Syntax, so you can either hard code table name and or if you really want it to be dynamic you can achieve it like:
String sql = String.format("SELECT id from %s where id = ?", tblName);
PreparedStatement ps = con.prepareStatement(sql);
ps.setInt(1, 123);
ResultSet rs = ps.executeQuery();
I am trying to connect to database in Java. It's a simple program.
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost/servlets","root","");
smt = con.createStatement();
query = "select pass from users where uname = "+uname;
System.out.println(query);
rs = smt.executeQuery(query);
if((rs.getString("pass"))==pass){
out.println("correct pass...logged in..");
}
else {
out.println("Incorrect pass...not logged in..");
}
But it says
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an
error in your SQL syntax; check the manual that corresponds to your
MariaDB server version for the right syntax to use near '#gmail.com'
at line 1
I am trying to verify the password for a particular email-id.
At this line
query = "select pass from users where uname = "+uname;
You have not quoted the uname, so if the value is name#gmail.com this results in a syntax error. I.e. the actual statement being sent to the DB is
select pass from users where uname = name#gmail.com
which is invalid. You should be using PreparedStatement instead
query = "select pass from users where uname = ?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1,uname);
ResultSet rs = ps.executeQuery();
Replace this
query = "select pass from users where uname = "+uname;
to
query = "select pass from users where uname = "'+uname+'" ";
or try
query = "select pass from users where uname = ? ";
If I execute:
Connection conn = null;
PreparedStatement LoginStatement = null;
ResultSet LoginResult = null;
UpdateData();
String LoginQuery = "SELECT * FROM USERS WHERE USER_NAME = ? AND PASSWORD = ? ";
try{
System.out.println(LoginQuery);
conn = DatabaseConnection.getDBCon();
LoginStatement = conn.prepareStatement(LoginQuery);
LoginStatement.setString(1, "ett");
LoginStatement.setString(2, "ett");
LoginResult = LoginStatement.executeQuery(LoginQuery);
i receive Exception: 63000 - ORA-03115: unsupported network datatype or representation
If i cahnge the ? to '?'
Connection conn = null;
PreparedStatement LoginStatement = null;
ResultSet LoginResult = null;
UpdateData();
String LoginQuery = "SELECT * FROM USERS WHERE USER_NAME = '?' AND PASSWORD = '?' ";
try{
System.out.println(LoginQuery);
conn = DatabaseConnection.getDBCon();
LoginStatement = conn.prepareStatement(LoginQuery);
LoginStatement.setString(1, "ett");
LoginStatement.setString(2, "ett");
LoginResult = LoginStatement.executeQuery(LoginQuery);
I get
Exception: 99999 - Ungültiger Spaltenindex
which basically means wrong column index.
This is not true, I set index 1 and 2 and there are 2 placeholders and the index starts with 1 .... any ideas?
Simply:
executeQuery(LoginQuery); // Statement
must be
executeQuery(); // PreparedStatement
A bit hideous API design and error message.
Also as PASSWORD is a reserved word try
"SELECT * FROM USERS WHERE USER_NAME = ? AND \"PASSWORD\" = ? "
Change your code to
LoginResult = LoginStatement.executeQuery();
You can see more about first exception here java.sql.SQLException: ORA-03115: unsupported network datatype or representation
Use executeQuery() in place of executeQuery(LoginQuery);
No need to change ? to '?'
executeQuery(String query) method cannot be called on a PreparedStatement or CallableStatement. Use executeQuery()
Note the distinction between the following calls:
//PreparedStatement
PreparedStatement.executeQuery(); //Generally used for Stored procedures
//Statement
bool res = Statement.execute(String sql);
ResultSet rs = Statement.executeQuery(String sql);
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");