If I execute:
Connection conn = null;
PreparedStatement LoginStatement = null;
ResultSet LoginResult = null;
UpdateData();
String LoginQuery = "SELECT * FROM USERS WHERE USER_NAME = ? AND PASSWORD = ? ";
try{
System.out.println(LoginQuery);
conn = DatabaseConnection.getDBCon();
LoginStatement = conn.prepareStatement(LoginQuery);
LoginStatement.setString(1, "ett");
LoginStatement.setString(2, "ett");
LoginResult = LoginStatement.executeQuery(LoginQuery);
i receive Exception: 63000 - ORA-03115: unsupported network datatype or representation
If i cahnge the ? to '?'
Connection conn = null;
PreparedStatement LoginStatement = null;
ResultSet LoginResult = null;
UpdateData();
String LoginQuery = "SELECT * FROM USERS WHERE USER_NAME = '?' AND PASSWORD = '?' ";
try{
System.out.println(LoginQuery);
conn = DatabaseConnection.getDBCon();
LoginStatement = conn.prepareStatement(LoginQuery);
LoginStatement.setString(1, "ett");
LoginStatement.setString(2, "ett");
LoginResult = LoginStatement.executeQuery(LoginQuery);
I get
Exception: 99999 - Ungültiger Spaltenindex
which basically means wrong column index.
This is not true, I set index 1 and 2 and there are 2 placeholders and the index starts with 1 .... any ideas?
Simply:
executeQuery(LoginQuery); // Statement
must be
executeQuery(); // PreparedStatement
A bit hideous API design and error message.
Also as PASSWORD is a reserved word try
"SELECT * FROM USERS WHERE USER_NAME = ? AND \"PASSWORD\" = ? "
Change your code to
LoginResult = LoginStatement.executeQuery();
You can see more about first exception here java.sql.SQLException: ORA-03115: unsupported network datatype or representation
Use executeQuery() in place of executeQuery(LoginQuery);
No need to change ? to '?'
executeQuery(String query) method cannot be called on a PreparedStatement or CallableStatement. Use executeQuery()
Note the distinction between the following calls:
//PreparedStatement
PreparedStatement.executeQuery(); //Generally used for Stored procedures
//Statement
bool res = Statement.execute(String sql);
ResultSet rs = Statement.executeQuery(String sql);
Related
I need to select rows from mysql table based on various criteria, for example Colour= Black, or size= L.
The code works without the preparedstatement and the question marks, but whenever I attempt to use the question marks the code does not run.
I have read something about typing the question mark like \'?'// but I am not sure about the exact format.
String URL = "jdbc:mysql://localhost:3306/clothing";
String USERNAME = "root";
String PASSWORD = "password";
Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD);
Statement stmt = con.createStatement();
String sql= "SELECT * FROM clothing.Lostandfound WHERE Colour = ? AND Size = ?;";
ResultSet rs = stmt.executeQuery(sql);
PreparedStatement preparedStmt = con.prepareStatement(sql);
preparedStmt.setString(1, Data1);
preparedStmt.setString(2, Data2);
Also, Size is written out in orange colour, but the error happens also when I only use this sql String
String sql= "SELECT * FROM clothing.Lostandfound WHERE Colour = ?;";
I have looked at like 20 different answers, but didnt find anything helpful, so thanks in advance for any help!
You are executing the query using a normal java.sql.Statement, not using a java.sql.PreparedStatement. This won't work because a normal Statement does not support parameterized queries. So, remove the creation and execution of the Statement, and make sure you execute the statement using the PreparedStatement:
String URL = "jdbc:mysql://localhost:3306/clothing";
String USERNAME = "root";
String PASSWORD = "password";
String sql= "SELECT * FROM clothing.Lostandfound WHERE Colour = ? AND Size = ?;";
try (Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD);
PreparedStatement preparedStmt = con.prepareStatement(sql)) {
preparedStmt.setString(1, Data1);
preparedStmt.setString(2, Data2);
try (ResultSet rs = preparedStmt.executeQuery()) {
// process result set
}
}
Also note the addition of try-with-resources, which will ensure connections, statements and result sets are closed correctly.
I am using Java 8 and oracle.
I have confirmed that this code is working:
Statement stmt = null;
String query = "select * from custref";
stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query);
while (rs.next()) {
String cName = rs.getString("CUSTOMER_NAME");
System.out.println(cName);
}
When I change it to this, it does not give any results:
PreparedStatement prepStmt = null;
String query = "select * from custref where CUSTOMER_NUMBER = ?";
prepStmt = con.prepareStatement(query);
prepStmt.setString(1, "12344321");
ResultSet rs = prepStmt.executeQuery();
while (rs.next()) {
String cName = rs.getString("CUSTOMER_NAME");
System.out.println(cName);
}
I have confirmed that my data type is VARCHAR hence the set string. I know my connections are fine because the basic search works just when I switch to parameterized it doesn't fail or throw exceptions it just doesn't have a result set. I have also tried the :customerNumber convention instead of the ? and this didn't work either. This is quite embarrassing but I am at my end here, nothing I can find seems to address this.
I am trying to connect to database in Java. It's a simple program.
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost/servlets","root","");
smt = con.createStatement();
query = "select pass from users where uname = "+uname;
System.out.println(query);
rs = smt.executeQuery(query);
if((rs.getString("pass"))==pass){
out.println("correct pass...logged in..");
}
else {
out.println("Incorrect pass...not logged in..");
}
But it says
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an
error in your SQL syntax; check the manual that corresponds to your
MariaDB server version for the right syntax to use near '#gmail.com'
at line 1
I am trying to verify the password for a particular email-id.
At this line
query = "select pass from users where uname = "+uname;
You have not quoted the uname, so if the value is name#gmail.com this results in a syntax error. I.e. the actual statement being sent to the DB is
select pass from users where uname = name#gmail.com
which is invalid. You should be using PreparedStatement instead
query = "select pass from users where uname = ?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1,uname);
ResultSet rs = ps.executeQuery();
Replace this
query = "select pass from users where uname = "+uname;
to
query = "select pass from users where uname = "'+uname+'" ";
or try
query = "select pass from users where uname = ? ";
I've written the following code (snippet):
conn = Pooling.getDataSource().getConnection();
String databaseName = Configuration.getDatabaseName();
String sql = "SELECT * FROM " + databaseName + ".companies WHERE companyemail = ? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, username);
prepStat.setString(2, password);
System.out.println("LoginService: prepStat = " + prepStat.toString());
ResultSet rs = prepStat.executeQuery(sql);
...
Now, when I execute this, I'm getting a MySQLSyntaxErrorException. The prepStat.toString() prints:
SELECT * FROM dbname.companies WHERE companyemail = 'comp#comp.com' AND companypassword = MD5('passwort')
And a simple copy and paste to SequelPro successfully return a result.
However, the backend still claims that there is an error in the syntax:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? AND companypassword = MD5(?)' at line 1
Maybee I'm blind but I do not see an error here? But what is happening here?
Okay, I found out what the problem was. I used:
ResultSet rs = prepStat.executeQuery(sql);
However, I should have used
ResultSet rs = prepStat.executeQuery();
instead.
Try this:
String sql = "SELECT * FROM '" + databaseName + ".companies' WHERE companyemail=? AND companypassword = MD5(?)";
Notice the single quote before the databaseName variable and after .companies . I think that could be the problem.
Or you could do this:
String sql = "SELECT * FROM ? WHERE companyemail =? AND companypassword = MD5(?)";
PreparedStatement prepStat = conn.prepareStatement(sql);
prepStat.setString(1, databaseName);
prepStat.setString(2, username);
prepStat.setString(3, password);
I believe the problem is at the level of parsing the databaseName to the prepared statement.
I have a simple requirement of getting timestampdifF in mysql database and use the resultset value in java code to check a condition if the timestampdiff is greater than 15 minutes, if yes do some update in DB or else skip and continue the next flow.
However, I am not getting the correct value when I pass the result set value in Java. The same query returns the correct value when executed on the database directly. Below is a snippet of my code:
Connection conn = null;
PreparedStatement stmt = null;
ResultSet rs = null;
String Diff = null;
try {
conn = Daofactory.getconnection();
String sql = "select TIMESTAMPDIFF(MINUTE,max(start_tstamp),NOW()) as timediff from app.process_log where status = 'P'";
stmt = conn.prepareStatement(sql);
rs = stmt.executeQuery();
while(rs.next()) {
log.info("Inside while loop");
Diff = rs.getString(1);
}
if(Diff.equalsIgnoreCase("15")) {
String sql1 = "update statement here";
stmt = conn.prepareStatement(sql1);
int i = stmt.executeUpdate();
}
When I execute the query on DB directly it returns the correct value in minutes; however, when I run the program the timeDiff is always 0. How can I fix this?