i want to get the Number of Entries in a table in My java Project.
This is my code:
int count = 0;
Statement st = Mysql.con.createStatement();
ResultSet rs= st.executeQuery("select count(*) from keys where spieler =" +p.getName());
while (rs.next()){
count = rs.getInt(1);
}
I am getting following SQLEXCEPTION:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your
SQL syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near 'keys where spieler =Pit910' at line 1
What is worng?
Thanks!
keys is a reserved MySQL keyword which needs to be escaped (either that or ALTER the table to give it a different name). Try this
PreparedStatement preparedStatement =
con.prepareStatement("select count(*) from `keys` where spieler = ?");
preparedStatement.setString(1, p.getName());
ResultSet rs= preparedStatement.executeQuery();
...
Use quotes around text field values,
You can optionally use backtick around field name or use table_name.field_name
ResultSet rs= st.executeQuery("select count(*) from
`keys` where spieler = '" + p.getName() + "' ");
Related
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");
The syntax that from the java code is not applicable to mysql. The setString() from java will come out with ' and not ` which is not accepted in mysql.
I tried in my localhost to run the code, it really not accepting 'doctor' and only accept ``doctor`.
Below are my code:
PreparedStatement ps = con.prepareStatement("SELECT id FROM ? WHERE id = ?");
ps.setString(1, "doctor");
ps.setInt(2, 123);
ResultSet rs = ps.executeQuery();
and there is an error
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''doctor' WHERE id = 123' at line 1
It's because your code produces following query:
SELECT id FROM 'doctor' WHERE id = 123
As you can see table name is used as a String which is invalid SQL Syntax, so you can either hard code table name and or if you really want it to be dynamic you can achieve it like:
String sql = String.format("SELECT id from %s where id = ?", tblName);
PreparedStatement ps = con.prepareStatement(sql);
ps.setInt(1, 123);
ResultSet rs = ps.executeQuery();
When using special character in MySql query :
String query = "select ID,Age,Income (k$),Score (1-100) from employee";
PreparedStatement statement = connection.prepareStatement(query);
ResultSet resultSet = statement.executeQuery();
getting following error:
java.sql.SQLException: Bad format for number 'ID,Age,Income (k$),Score (1-100)' in column 1.
Get resolved by adding `` to each column like "select ID,Age,Income (k$),Score (1-100) from employee"
I have a SQL code in a java code which looks like this :
Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
beforeExerTestDTO dto = new beforeExerTestDTO();
StringBuffer sql = new StringBuffer();
sql.append(" select * ");
sql.append(" from n_before_exer ");
sql.append(" where id=?");
sql.append(" and reg_date = (select max(reg_date) from n_before_exer where id=?)");
try {
con = pool.getLocalConnection();
pstmt = con.prepareStatement(sql.toString());
pstmt.setString(1, id);
pstmt.setString(2, id);
System.out.println("여기까진 살까??");
rs = pstmt.executeQuery();
/......
...... some code /
}catch(SQLException e){
System.out.println("read : " + e);
System.out.println("read : " + sql);
}catch(Exception e){
System.out.println("read : " + e.getStackTrace().toString());
}finally{
DBClose.close(con, pstmt, rs);
}
return dto;
}
When the file gets executed it forms a statement like this in console:
select * from n_before_exer where id=? and reg_date = (select max(reg_date) from n_before_exer where id=?)
and throws a
java.sql.SQLEXCEPTION
What I tried :
I ran the same in Mysql Workbench query :
and got the following error:
Error Code: 1064. You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near '? and reg_date = (select max(reg_date) from
n_before_exer where id=?)' at line 1
A bit of research on the topic shows :
This way is not a preferred way as it can lead to injection attacks
And was advised to use a placeholder for a parameter
It seems a bit complex for me, if anyone can help me construct this statement in the right preferred way please
Thanks
You should be using a prepared statement:
Connection con; // get a connection
PreparedStatement ps = con.prepareStatement(sql);
ps.setInt(1, someInt);
ps.setInt(2, someOtherInt);
ResultSet rs = ps.executeQuery();
while (rs.next()) {
// process each record
}
Your statement seem correct in syntax. Are you have encoding issue on you java file?
pstmt.setString(1, id);
I guess the problem is that the type of id is not string ,you could use this to have a try:
I have a Java-code:
String searchPerson = "select * from persons where surname like ? and name like ?";
//connect to DB
PreparedStatement statement = connect.prepareStatement(searchPerson);
statement.setString(1,"%"+ surname + "%");
statement.setString(2, "%" + name + "%");
ResultSet resultPerson = statement.executeQuery(searchPerson);
//..code
Then I have SQLException:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?'
You should execute the PrepareStatement with no parameters as follows:
statement.executeQuery()
Calling executeQuery with a String parameter will execute the provided query as is (without the bound parameters).
ResultSet resultPerson = statement.executeQuery(searchPerson);
should be
ResultSet resultPerson = statement.executeQuery();
Try with statement.setString(1,"'%"+ surname + "%'");