just kinda struggling with identifying the id during the piece update. I pass the id as a var and am trying to use it in conjunction with the WHERE statement and cant seem to figure out the correct syntax
String update = "UPDATE LawnMowers"+ " SET LMPrice = '"+returnedPrice+"' " + " WHERE LMID = '"+returnedID+'";
the return id is the issue, and the error is "invalid character constant". I believe the issue is normally the statement would be:
"WHERE LMID = int/double.ect"; rather then using " WHERE LMID = '"+varr+'"; errors and adding the additional " or )" ect options I have tried dont work either. Just wondering if any one had some insight
my DB is on Godaddy
thanks for reading
I think your statement should end
+ returnedID + "'";
Yours currently ends
+returnedID+'";
Also please read about prepared statements, these are much easier to use and leave you at far less risk of SQLi security vulnerabilities. It would look something like this:
String update = "UPDATE LawnMowers SET LMPrice = ? WHERE LMID = ?";
updateStatement = con.prepareStatement(update);
updateStatement.setInt(1, returnedPrice);
updateStatement.setInt(2, returnedId);
updateStatement.executeUpdate();
Related
New to java.
I am attempting to write a class that will input a username, run a query on the username to find the ID, and subsequently use that ID in "where clauses" on all my other classes.
This is the statement that I execute (which will only ever return a recordset of a single row):
String sqlStatement = "SELECT AccountHolderId, Passcode from CIS4720.DBO.AccountHolder " +
"where Username = '" + logonName + "'";
Here is my attempt at extracting the ID via the username...
while (rset.next())
{
if(rset.getInt("Username")==logonName){
int whosOnFirst = rset.getInt("AccountHolderId");
}
I saw another answer on the forum that says you can't assign database values to variables. If that is the case, what is a better strategy?
(Also, I realize I'm not parameterizing, but I'd like to get this working before fixing that issue. This is for a course assignment so I am not worried about hack attacks).
P. S. Thanks I fixed the double equals sign (and the extra parenthesis) in the code above.
Here are some comments about the code:
rset.getInt("Username") will get the column Username from the result but it also looks for an Integer column because of getInt. You are not selecting that column in the sql statement so will error out.
If you select it and get a string, use .equals() instead of == to compare string. Also, one = is assignment and == is comparison.
You can use getString to read Strings from the result set.
You don't need to check the username and match it since your query should return exactly that user's data so I would remove the if condition entirely and just have the getInt line there.
i replace a particular string in a statement like the following
SQL = SQL.replaceAll("CUSTOMER_NUMBER", customer);
this conversion goes as integer but i want to replace this as a string like the following
AND CIMtrek_accountlist_customer_number = '0002538'
but at present it replaces like the following
AND CIMtrek_accountlist_customer_number = 0002538
how to do this in java.
Just get it to output the ' as well as the customer variable
SQL = SQL.replaceAll("CUSTOMER_NUMBER", "'" + customer + "'");
However as #jlordo mentioned in a comment, you should look at using prepared statements which will allow you to inject values into a prepared sql statement.
Though you should be using PreparedStatement if you are running SQL, However if placeholder "CUSTOMER_NUMBER" is under your control, It is better to use String.format. See and example here
I've read many threads regarding this topic, but everybody point to the character set in the database.
I'm using strings with special characters like 'ñ' and I'm not able to set them right in the database. As you may guess, the characters are changed to '?'.
The thing is that using this statement, I get it RIGHT:
stmt = con.prepareStatement("INSERT INTO LONG_CODES_TABLE (TIMESTAMP, TABLE_NAME, CODE__C, CODE_DESC)
VALUES (GET_TIMESTAMP, 'MUNICIPIOS', '" + municipio + "', '" + municipio + "') ");
And just in the same database and table, without changing anything, if I use the following I get the '?' character in the DB:
stmt = con.prepareStatement("INSERT INTO LONG_CODES_TABLE (TIMESTAMP, TABLE_NAME, CODE__C, CODE_DESC)
VALUES (GET_TIMESTAMP, 'MUNICIPIOS', ?, ?) ");
stmt.setString(1, municipio);
stmt.setString(2, municipio);
So, the character problem is happening ONLY if I use setString.
Any ideas?
EDIT: The value of the 'municipio' variable is, for example: 'ABADIÑO'.
Later, I can check the differences between doing it on way or the other by asking for that value with an sql statement, for example:
select * from long_codes_table
where table_name = 'MUNICIPIOS' and code__c = 'ABADIÑO'
One way I get the result row. The other way, I don't.
Thank you.
I had that behaviour, too. On top of that I observed that this error did not occur when the application was started from the IDE. That's how I realized that in the JVM - attributes, the one for the encoding was missing.
java %vm-opts% %clspth% -Dfile.encoding=UTF-8 ...
So odd! :P
connection = appDatabase_.getDatabase().getConnection();
PreparedStatement updateStmt = connection.prepareStatement
("UPDATE " + getTableName() + " SET " + column
+ " = ? WHERE " + ID + " = ?");
Got this chunk of code. After this comes some hard coded "set bytes" and "set int" statements.
And then an execute(). Pretty simple right?
Occasionally the prepared statement just fails to execute and the app acts very oddly (hard to explain how). Why and when would this happen? Maybe if the connection is closed?
Not sure what to think atm.
Thanks SO!
Well, since you didn't show us your try/catch and I know java.sql classes are full of declared checked exceptions, my guess would be you're eating exceptions somewhere.
i written this query (in java class) to select some information from the MySQL database
and view it on jsp page...
SELECT instructor.name FROM
instructor,section,teach WHERE
teach.student_id='3'AND teach.section
= section.number AND section.instructor_id= instructor.ID
but there is exception was occur!
javax.servlet.ServletException:
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException:
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near
'.student_id='3'AND teach.section =
section.number AND
section.instructor_id= ins' at line 1
,,
by the way, i was write it in PhpMyAdmin, and it's work..
App server: Sun GlassFish Enterprise Server v2.1
please help me...
Regards
You need a space after the '3'.
It seems that there is a space missing. '.student_id='3'AND -> '.student_id='3' AND
If your query is exactly as you show it:
SELECT instructor.name FROM instructor,section,teach WHERE teach.student_id='3'AND
teach.section = section.number AND section.instructor_id= instructor.ID
then you need a space after the '3' and before AND on the first line shown above.
What is the datatype of "teach.student_id"? Is it numeric or varchar. If it is numeric, no need to put the '3' inside single quotes.
e.g.
teach.student_id = 3
Thanks for all
i was write query in java class like this
ResultSet rs
=stmt.executeQuery("SELECT instructor.name " +
"FROM instructor,section,teach" +
"WHERE teach.student_id=" + "'" + idd + "'" +
" AND teach.section = section.number
AND section.instructor_id=
instructor.ID");
then i eliminate all lines, and put query in one line like this, then it's solved...
Regards