update <table> set url="http://www.google.com?a=1&something=so"
If I update directly, my string is only updated up to ?a=1; everything from & onward is dropped. Can anyone help me with how to do the update when my URL contains a special symbol? I'm working from Java.
To avoid problems with string values, consider using PreparedStatement and its setString method, which will generate a proper query with escaped values (if needed).
So try with
PreparedStatement ps = con.prepareStatement("update table set url=?");
// +--------------------------------------------------------------^
// | represents where we should put value
ps.setString(1, "http://www.google.com?a=1&something=so");
//then execute this statement
Use this:
update [table_name] set url='http://www.google.com?a=1'||'&'||'something=so'
Here we are concatenating &, so that it does not create a problem during the update.
FYI: if we have & in the string we try to update, Oracle considers the string following & as a parameter whose value it expects to be provided at run time; that is the reason why it was troubling you.
Related
I'm having issues dealing with the single quote while using it in a prepared statement in JAVA via Oracle JDBC.
Let's say we have a table Restaurant with a column restaurant_name with 1 value : Jack's Deli
I want to use a simple prepared statement query like this:
String result = "Jack\'\'s Deli";
String sqlStatement = "select * from Restaurant where restaurant_name like ? escape '\\' ";
PreparedStatement pStmt = conn.prepareStatement(sqlStatement);
pStmt.setString(1, result);
The result shows 0 returned values, however when I directly search the query in the database (ORACLE) it works fine and retrieves the result. (Oracle uses two single quotes as an escape for the first)
I am thinking that the value is not being passed properly to the database. Or there is some other formatting issue.
The point of prepared statements is that you don't need any escaping.
.setString(1, "Jack's Deli") will get it done.
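An added example, not part of the original posts: with the LIKE ? ESCAPE '\' query from the question, the quote in Jack's Deli is bound as-is, but %, _ and the escape character in user input still act as pattern syntax unless they are escaped. The class LikeSearch and the helper escapeLike are hypothetical names; the table and column come from the question, and the Connection is assumed to be supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeSearch {
    // Hypothetical helper: make %, _ and \ literal for LIKE ... ESCAPE '\'.
    // Quotes are deliberately left alone; the bind parameter carries them as data.
    static String escapeLike(String term) {
        StringBuilder sb = new StringBuilder();
        for (char c : term.toCharArray()) {
            if (c == '\\' || c == '%' || c == '_') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // Returns the restaurant names that contain the term as literal text.
    static List<String> findByName(Connection conn, String term) throws SQLException {
        String sql = "SELECT restaurant_name FROM Restaurant "
                   + "WHERE restaurant_name LIKE ? ESCAPE '\\'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            // Only the wildcards added here are pattern syntax.
            ps.setString(1, "%" + escapeLike(term) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; this part needs no database.
        System.out.println(escapeLike("Jack's Deli"));
        System.out.println(escapeLike("100%_off\\now"));
    }
}
```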
I want to set the ArtikelAnzahl (the number of article) in the database to the term, which I will get from my Java GUI.
So the SQL command string should look like:
"update warenliste set Anzahl=Anzahl+"anzahl"where Artikel_ID="+arikel_ID;
where:
warenliste is the table and Anzahl is a column which should get updated.
The number of articles in the DB should be added to the number which we will get from the GUI.
Is this command right? I just learned SQL yesterday and unfortunately am not yet good at it.
public void setArtikelAnzahl(int anzahl, int arikel_ID) {
try {
String query = "update warenliste set Anzahl=Anzahl+"anzahl"where Artikel_ID="+arikel_ID;
rs= st.executeQuery(query);
}
catch(Exception e) {
System.out.println(e);
}
}
The SQL part
The SQL part of the query seems fine if artikel_id and anzahl are both numeric (and that it's anzahl and not artikeanzahl).
Let's instantiate the statement for an imaginary article 1 and a quantity of 27:
update warenliste set Anzahl=Anzahl+27 where Artikel_ID=1;
If you test this here with the following schema, it will work out fine:
create table warenliste (artikel_ID numeric,
bezeichnung varchar(100),
anzahl numeric);
insert into warenliste values (1,'Schraubenzieher', 1050);
insert into warenliste values (2,'Hammer', 10347);
The Java part
But there are a couple of problems in the Java part. First, you need to correct the statement to make the Java code compile. You also need to add missing spaces in the result string:
String query = "update warenliste set Anzahl=Anzahl+"+anzahl+" where Artikel_ID="+arikel_ID;
                                                     ^      ^ ^
Since you're not too familiar with SQL yet, I'd suggest displaying the query string before you execute it, just to verify that it matches your expectations.
Now if artikel_id is a string, and not a numeric, you may have to add the missing quotes around the variable in the query string.
It's not required, but I'd recommend that when you build the query string, you use uppercase in the SQL statements. This will make the Java code easier to read, especially when you have SQL strings mixed with Java variables like here.
I'm having trouble transforming the query below into a JDBC prepared statement and setting the parameters.
Oracle query:
select * from TRANSACTION_DUMMY where ID = 'aa'
and JSON_EXISTS(TRANSACTION_DUMMY_INDEX FORMAT JSON,
'$.header.lineItems[*].status?(#=="complete")')
Translated query:
select * from TRANSACTION_DUMMY where ID = ?
and JSON_EXISTS(TRANSACTION_DUMMY_INDEX FORMAT JSON,
'$.header.lineItems[*].status?(#==?)')
The issue is how to set parameters in the query.
I tried playing around with indexes but always get the error "invalid column index".
Any pointers on how to handle the above scenario using a Java JDBC prepared statement?
Thanks
According to the documentation, the second argument to JSON_EXISTS is a special string literal called JSON_path_expression.
If the value of the expression should change dynamically, it will be easiest to create it on the client (Java) side and then concatenate it into the query. You cannot pass the path expression as a bind variable because Oracle expects it to be a literal, i.e. a "parse-time constant". As you noticed, you'll get an ORA-40454: path expression not a literal error message if you try to pass the expression as a bind value.
The following code uses Java's String.format() for injecting the expression into the SQL template:
String sql = "select * from TRANSACTION_DUMMY where ID = 'aa' "
    + "and JSON_EXISTS(TRANSACTION_DUMMY_INDEX FORMAT JSON, %s)";
// here you could have some code for modifying jsonPathExpression dynamically,
// e.g. changing the status based on some criteria
String jsonPathExpression = "'$.header.lineItems[*].status?(#==\"complete\")'";
// createStatement() takes no SQL; the formatted query goes to executeQuery()
try (Statement st = myConnection.createStatement();
     ResultSet rs = st.executeQuery(String.format(sql, jsonPathExpression))) {
    // Process result set
}
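An added example, not part of the original answer: because the path expression has to be concatenated into the SQL text, the dynamic part is checked against a fixed allow-list before it is used, while the ID stays a bind parameter. The class JsonExistsQuery, the set of status values and the method names are assumptions; the table, column and path text are copied from the posts above.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class JsonExistsQuery {
    // Assumed set of valid status values. Anything else is rejected
    // before it can become part of the SQL text.
    private static final Set<String> ALLOWED_STATUS =
            Set.of("complete", "pending", "cancelled");

    // Builds the query with the path expression as a literal (Oracle requires
    // a parse-time constant there) and the ID as a bind placeholder.
    static String buildSql(String status) {
        if (!ALLOWED_STATUS.contains(status)) {
            throw new IllegalArgumentException("unsupported status: " + status);
        }
        String path = "'$.header.lineItems[*].status?(#==\"" + status + "\")'";
        return "select * from TRANSACTION_DUMMY where ID = ? "
             + "and JSON_EXISTS(TRANSACTION_DUMMY_INDEX FORMAT JSON, " + path + ")";
    }

    // Counts matching rows; the caller supplies an open Connection.
    static int countMatches(Connection conn, String id, String status)
            throws SQLException {
        int n = 0;
        try (PreparedStatement ps = conn.prepareStatement(buildSql(status))) {
            ps.setString(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) n++;
            }
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed inputs; this part needs no database.
        System.out.println(buildSql("complete"));
        try {
            buildSql("it's \"done\"");  // contains quote characters, not allow-listed
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```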
Using Netbeans, I have my database and table set up, and have added my data manually, which I am able to see within the application I am building, as intended.
I would like the user to add their own data, which will be appended as a new row in the table. However, I am having trouble writing the code to do this.
Class.forName("org.apache.derby.jdbc.EmbeddedDriver").newInstance();
Connection conn = DriverManager.getConnection("jdbc:derby://localhost:1527/stockApplication");
Statement stat = conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
String insertDerbyData = "INSERT INTO TIGER_INFO"
+ "(TIGER_ID, TIGER_LOCATION)"
+ "VALUES (123456, Store)";
stat.executeUpdate(insertDerbyData);
I cannot execute the above code as I'm returned with an error mentioning that 'STORE' is not in any table. 'STORE' is meant to be a value for my 'TIGER_LOCATION' column. What's going on here?
In theory, I have two columns, and I would like to add both values, '123456' and 'Store' into their respective columns. How do I go about correctly doing so?
If TIGER_LOCATION is a string/varchar column, and Store is a string literal, then the value must be enclosed in single quotes, as in most SQL-based databases:
INSERT INTO TIGER_INFO (TIGER_ID, TIGER_LOCATION) VALUES (123456, 'Store')
Strings should be between '...', so you have to use:
VALUES (123456, 'Store')
//--------------^-----^
I am using simpleJDBCTemplate to insert a value into a postgre database.
String sql = "insert into testTable values(:bla, :blah, functionThatTakesAText(':blu'))";
BeanPropertySqlParameterSource namedParameters = new BeanPropertySqlParameterSource(lighting);
simpleJdbcTemplate.update(sql, namedParameters);
Now, the blu parameter is actually a number (the actual SQL takes 2 reals) that is read from a file given by the client.
As a result the database receives something like the following:
insert into testTable values(?, ?, functionThatTakesAText(':blu'))
and fails to replace the :blu parameter as expected.
The current workaround that I'm using is replacing the blu parameter with its value using a regex, but I'm unsure on how safe that is.
How would you solve that?
Spring will skip over anything inside quotes in the SQL (see the skipCommentsAndQuotes() method of NamedParameterUtils), on the basis that anything inside quotes shouldn't be touched.
That makes sense in this context - you would want the prepared statement to say
functionThatTakesAText(?)
rather than
functionThatTakesAText('?')
Try removing the quotes there, and the placeholder should be substituted correctly.