I'm trying to update the column amount if the buyid (primary key) is a specific value.
UPDATE portfolio set amount=40 WHERE buyid=3
I work with JDBC and MySql, everytime I try to execute the statement i get the following exception:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'buyid=3' at
line 1
table structure of portfolio:
buyid int
username varchar
stockname varchar
priceperstock float
amount int
Javasourcecode:
public void sellStock(int buyid, int amount, float currentprice, String user) {
...
try {
stmt = this.conn.createStatement();
System.out.println(fetchedamount);
System.out.println("UPDATE portfolio
SET amount=" + fetchedamount
+ " WHERE buyid=" + buyid);
stmt.execute("UPDATE stockman.portfolio
SET amount=" + fetchedamount
+ "WHERE buyid=" + buyid+"");
// update capital
newmoney = amount * currentprice + oldmoney;
} catch (SQLException ee) {
ee.printStackTrace();
}
At stmt.execute() Your generated query is like
"UPDATE stockman.portfolio set amount=23WHERE buyid=54 "
Here 23Where is one whole string so you have to give space between these two.
Give space between " and Where like the following:
" WHERE buyid="
And remove the last +""
Just add space before Where it will solve the problem.
stmt.execute("UPDATE stockman.portfolio
SET amount=" + fetchedamount
+ " WHERE buyid=" + buyid+"");
Repleace the stm.execute line with:
stmt.execute("UPDATE stockman.portfolio SET amount=" + fetchedamount + " WHERE buyid=" + buyid+" ");
Or:
stmt.execute("UPDATE stockman.portfolio SET amount='" + fetchedamount + "' WHERE buyid='" + buyid+"' ");
Related
I have a web application where 3 inputs are taken from the user and after clicking search button results are displayed. The three inputs are; id (not unique), startdate and enddate. I want to be able to get the results in these situations: If the user enters
only id
only start date (enrolldate in db table)
only end date (graduationdate in db table)
id and start date
when all the fields entered together
In my StudentManager.java class I have a SQL string like below;
final String SQL_STU = " select "
+ " t.name,"
+ " t.surname, "
+ " t.lecture,"
+ " from studenttable t "
+ " where t.school = 'CHC' "
+ " and t.id = case when '" + studentInfo.getID() + "'" +" is null then t.id else '" + studentInfo.getID() + "' end "
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end "
+ " and t.graduationdate >= case when '" + studentInfo.getEndDate() + "' is null then t.graduationdate else to_date('"
+ studentInfo.getEndDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
I will execute this query and get the results into a result set.
I have a couple of problems with this code; for example when I comment out this part:
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end "
+ " and t.graduationdate >= case when '" + studentInfo.getEndDate() + "' is null then t.graduationdate else to_date('"
+ studentInfo.getEndDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
It works without errors but when I give all the inputs null (id, date1, date2) it displays nothing. Shouldn't it display all the results since there is no specific id? (User will not be able to submit 3 empty fields but I am curious why it does not work like the way I mentioned? )
The other thing is when I execute the whole code (with to_date parts) it gives the error in the title. But it does not give any error when I execute like this:
final String SQL_STU = " select "
+ " t.name,"
+ " t.surname, "
+ " t.lecture,"
+ " from studenttable t "
+ " where t.school = 'CHC' "
+ " and t.enrolldate >= case when '" + studentInfo.getStartDate() + "' is null then t.enrolldate else to_date('"
+ studentInfo.getStartDate() + "', 'DD.MM.YYYY HH24:MI:SS') end " ;
So in summary I couldn't write the query the way I wanted. I am not that experienced with queries. If you know any better way you can also suggest it since I have come to a dead end. I also tried something with NVL but I could not make it work also.
Notes:
ID, StartDate,EndDate are type string in my StudentInfo.java class
id is type varchar and dates are type date in database table.(PL/SQL)
The best answer to your question is to use a prepared statement:
String sql = "SELECT t.name, t.surname, t.lecture ";
sql += "FROM studenttable t ";
sql += "WHERE t.school = 'CHC' AND "
sql += "t.id = COALESCE(?, t.id) AND ";
sql += "t.entrolldate >= COALESCE(?, t.enrolldate) AND ";
sql += "t.graduationdate >= COALESCE(?, t.graduationdate)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setInt(1, studentInfo.getID());
ps.setDate(2, studentInfo.getStartDate());
ps.setDate(3, studentInfo.getEndDate());
ResultSet rs = ps.executeQuery();
while (rs.next()) {
// process a row
}
The reason why using a statement is preferred is that it frees you from having to manually marshal your Java date (and other type) variables into your Oracle SQL statement. Instead, the above code lets the JDBC driver worry about how to convert a Java date variable to the correct format in the actual SQL code. Also, statements allow you to write a SQL query with minimal concatenations, which reduces the chances for error and typos.
Note that you might have to call a setter other than PreparedStatement#setDate depending on the what getStartDate() and getEndDate() methods actually return in your Java code.
I have 2 tables. A booking table and a room table. In the booking table I have the following columns: BookingID StartDate EndDate CustomerID RoomID
In the Room table I have the following columns: RoomID RoomSize
I am creating a booking system. I want to be able to query the database where I am able to get a list of rooms that are booked between 2 dates which are also based on size (small, medium or large) types.
E.g. if user clicks on small room and enters dates between 2010-02-02 to 2010-02-25 then 4 should appear as my database contains 4 small rooms that are booked between those dates.
This is what I have so far:
String sqlStatement = "select RoomID from Booking where RoomID in (select Room.RoomID from Room where Room.RoomSize is " + type + ") AND ((Booking.StartDate between "+ startD +" AND " + endD + ") OR (Booking.EndDate between "+ startD + " AND " + endD + "))";
This is the error I am getting:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Medium) AND ((Booking.StartDate between 2016-02-09 AND 2016-02-09) OR (Booking.E' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
I am new to SQL and having trouble doing this. Also, is my logic right?
startD and endD represents the dates that the user has entered and typeOfRoom represent the type of the room the user wants to book; e.g. eithier Small, Medium or Large
Do not use string concatenation to insert user-supplied values into SQL, especially for strings. It will leave you open to SQL Injection attacks, and SQL syntax issues. Use a PreparedStatement.
Also, replace is with =.
String sql = "select RoomID" +
" from Booking" +
" where RoomID in (" +
"select Room.RoomID" +
" from Room" +
" where Room.RoomSize = ?" +
")" +
" and ((Booking.StartDate between ? AND ?)" +
" or (Booking.EndDate between ? AND ?))";
try (PreparedStatement stmt = conn.prepareStatement(sql)) {
stmt.setString(1, type);
stmt.setDate (2, startD);
stmt.setDate (3, endD);
stmt.setDate (4, startD);
stmt.setDate (5, endD);
try (ResultSet rs = stmt.executeQuery()) {
while (rs.next()) {
// code here
}
}
}
The date handling look ok I think, but you need to quote the type string in the statement. And you should not use is, just use normal =
String sqlStatement = "select RoomID from Booking where RoomID in (select Room.RoomID from Room where Room.RoomSize = '" + type + "') AND ((Booking.StartDate between "+ startD +" AND " + endD + ") OR (Booking.EndDate between "+ startD + " AND " + endD + "))";
Can you try if this statement works? I have replaced the 'is' keyword with '=' operator and put all the variables between "".
String sqlStatement = "select RoomID from Booking where RoomID in (select Room.RoomID from Room where Room.RoomSize = \"" + type + "\") AND ((Booking.StartDate between \""+ startD +"\" AND \"" + endD + "\") OR (Booking.EndDate between \""+ startD + "\" AND \"" + endD + "\"))";
I have some problems with an application developed in Java that uses postgreSQL as a DB. I managed to make a dummy query as follows:
String sql = "INSERT INTO voicemessages (UNIQUEID,MSGNM,DIR,CONTEXT,MACROCONTEXT,CALLERID, ORIGTIME,DURATION, FLAG,MAILBOXUSER,MAILBOXCONTEXT,RECORDING, LABEL, read ) "
+ "VALUES (1, 1, 'dir/dir1/msgs', 'message', 'message', '6001', '15/01/2015 13:31:25', '1:32', 'flag', 'Georgi Georgiev', 'Georgi Georgiev', '12314124', 'some label', false);";
And it works perfect when I execute the statement. A row in the DB is created and I am able to display the data using:
SELECT * FROM voicemessages;
The problem is when I create my own VoiceMail class and when I create an object from this type and put in the query the getters and setters for this object I receive some kind of an error:
org.postgresql.util.PSQLException: ERROR: column "dir" does not exist Hint:There is a column named "dir" in table "voicemessages", but it cannot be referenced from this part of the query.Position: 169
I am trying to insert a row by using and executing this:
String sql = "INSERT INTO voicemessages (UNIQUEID,MSGNM,DIR,CONTEXT,MACROCONTEXT,CALLERID, ORIGTIME,DURATION, FLAG,MAILBOXUSER,MAILBOXCONTEXT,RECORDING, LABEL, read ) "
+ "VALUES (" + message01.getUniqueId() + ", " + message01.getMessageNumber() + ", " + message01.getDirectory() + ", " + message01.getContext() + ", " + message01.getMacroContext() + ", " + message01.getCallerId() + ", " +message01.getOrigTime() + ", " + message01.getDuration() + ", " + message01.getFlag() + ", " + message01.getMailboxUser() + ", " +message01.getMailboxContext() + ", " + message01.getRecording() + ", " + message01.getLabel() + ", " + message01.getRead()+ ");"+" ";
Any help or suggestion is appreciated.
Thank you in advance!
Do not use Direct values use parameters for safety, What happens is that the SQL statement you passĀ is parsed to prepare and compiled by the database. So by sending the actual SQL separately from the parameters, you limit the risk of SQL injection
I am new to Java and MYSql in fact using this combination first time and facing real trouble. I want to insert few records in a table but unable to do so. Following are the fields and datatype in the table named tbl_cdr in MySql.
**Field** **Type**
DATEANDTIME datetime NULL
VALUE1 int(50) NULL
VALUE2 varchar(50) NULL
VALUE3 varchar(50) NULL
VALUE4 varchar(50) NULL
VALUE5 varchar(50) NULL
The record I want to insert contains following values
2014-05-19 02:37:18, 405, MGW190514023718eab4, 923016313475, IN, ALERTSC
I am using following query and statements to Insert record in table
sqlQuery = "INSERT INTO tbl_cdr (DATEANDTIME,VALUE1,VALUE2,VALUE3,VALUE4,VALUE5)" + "VALUES ("+ forDateAndTime.format(date) + ", " + columnsList.get(1) + ", " + columnsList.get(2) + ", " + columnsList.get(3) + ", " + columnsList.get(4) + ", " + columnsList.get(5) + ")";
try
{
Statement qryStatement = conn.createStatement();
qryStatement.executeUpdate(sqlQuery);
qryStatement.close();
} catch (SQLException ex)
{
Logger.getLogger(CdrProject.class.getName()).log(Level.SEVERE, null, ex);
}
But when I reach the statement qryStatement.executeUpdate(sqlQuery); exception is thrown as:
MySQLSyntaxErrorException: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near '02:37:18, 405, MGW190514023718eab4,
923016313475, IN, ALERTSC)' at line 1
value2 ,value3 ,value4 and value 5 are varchars so it should be written within ''.
Do like this
sqlQuery = "INSERT INTO tbl_cdr (DATEANDTIME,VALUE1,VALUE2,VALUE3,VALUE4,VALUE5)" + "VALUES ("+ forDateAndTime.format(date) + ", " + columnsList.get(1) + ", '" + columnsList.get(2) + "',' " + columnsList.get(3) + "',' " + columnsList.get(4) + "',' " + columnsList.get(5) + "')";
You're inserting the date incorrectly. MySQL allows you to insert a string literal or a number.
You're trying to use 02:37:18 as a number, when really you should be using it as a string literal: '02:37:18'
Here is the MySql Reference describing this.
You're also not treating your varchars as strings either, they should be enclosed with quotes.
I have a ResultSet that I know contains 8 rows of data because I checked it with a direct query of the DB. My code will only display the first row.
If anyone can give me some help I would greatly appreciate it. The first row is what should I expect it to be, I just don't know how to get it to move on to print subsequent rows.
term= Integer.parseInt(args[1]);
// Select a list of the surveys that fall under the term
query= "Select cid,subject,course_number,instructor_id from Courses where term=" + Integer.parseInt(args[1]);
result = statement.executeQuery(query);
String query2="";
while(result.next())
{
// Pull in the data
cid = result.getInt("cid");
subject = result.getString("subject");
courseNumber= result.getInt("course_number");
instructorId= result.getInt("instructor_id");enter code here
// Get the instructors last name
query2= "Select last_name from Instructors where fid=" + instructorId;
subResult= statement.executeQuery(query2);
while(subResult.next())
{
instructorLName= subResult.getString(1);
}
// Get the averages and num submitted
query2= "Select num_submitted, sum_q1, sum_q2, sum_q3, sum_q4, survey_id from surveys where cid=" + cid;
subResult= statement.executeQuery(query2);
while(subResult.next())
{
numSub= subResult.getInt(1);
sumQ1= subResult.getInt(2);
sumQ2= subResult.getInt(3);
sumQ3= subResult.getInt(4);
sumQ4= subResult.getInt(5);
surveyId= subResult.getInt(6);
}
// Print everything necessary
System.out.println( surveyId + " " + term + " " + subject + " " + courseNumber +
" " + instructorLName + " " + sumQ1/numSub + " " + sumQ2/numSub + " " + sumQ3/numSub
+ " " + sumQ4/numSub);
}
}
Not sure, but the problem might be that you are using same Statement object to execute different queries. Create separate statement instances for query and query2 and try.