Develop Reference

How to convert " ' " to " ` " in java

The syntax that from the java code is not applicable to mysql. The setString() from java will come out with ' and not ` which is not accepted in mysql.
I tried in my localhost to run the code, it really not accepting 'doctor' and only accept ``doctor`.
Below are my code:
PreparedStatement ps = con.prepareStatement("SELECT id FROM ? WHERE id = ?");
ps.setString(1, "doctor");
ps.setInt(2, 123);
ResultSet rs = ps.executeQuery();
and there is an error
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''doctor' WHERE id = 123' at line 1

It's because your code produces following query:
SELECT id FROM 'doctor' WHERE id = 123
As you can see table name is used as a String which is invalid SQL Syntax, so you can either hard code table name and or if you really want it to be dynamic you can achieve it like:
String sql = String.format("SELECT id from %s where id = ?", tblName);
PreparedStatement ps = con.prepareStatement(sql);
ps.setInt(1, 123);
ResultSet rs = ps.executeQuery();

mysql update error when I reuse pstmt.executeUpdate in eclipse jsp file

I have a problem using mysql update in eclipse jsp file.
I just use pstmt.executeUpdate in my jsp file. that's work right.
but when I reuse pstmt.executeUpdate for updating another host's database i can't update mysql data.
when I update second executeUpdate without update's "where" query, it's work right. I can update mysql data.
but only the problem is that when i update executeUpdate with "where", I cannot update the mysql data.
case1(no problem)
use preparedStatement1, update query with 'where' -> OK
use preparedStatement2, update query without 'where' -> OK
case2(problem)
use preparedStatement1, update query with 'where' -> OK
use preparedStatement2, update query with 'where' -> update fail
(and I already test my code in mysql workbench, there is no problem first UPDATE and second UPDATE with 'where'. I have only a problem adding update with 'where' code in my eclipse.)
behind is a my code.
String DB_USER = (String)session.getAttribute("id");
String DB_PASSWORD = (String)session.getAttribute("password");
String DB_HOST = "jdbc:mysql://rds01.********.ap-northeast-2.rds.amazonaws.com:3306/inventory_" + DB_USER + "?useUnicode=true&characterEncoding=euckr";
Connection con;
PreparedStatement pstmt;
String query = "UPDATE inventory_"+DB_USER+" SET "
+ "color1_size1 = ?, color1_size2 = ?, color1_size3 = ?, color1_size4 = ?, color1_size5 = ?, color1_size6 = ?, color1_size7 = ?, color1_size8 = ? "
+ "WHERE NAME = ? AND YEAR = ?";
try {
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection(DB_HOST, DB_USER, DB_PASSWORD);
pstmt = con.prepareStatement(query);
pstmt.setInt(1, color1_size1);
pstmt.setInt(2, color1_size2);
pstmt.setInt(3, color1_size3);
pstmt.setInt(4, color1_size4);
pstmt.setInt(5, color1_size5);
pstmt.setInt(6, color1_size6);
pstmt.setInt(7, color1_size7);
pstmt.setInt(8, color1_size8);
pstmt.setString(9, name);
pstmt.setString(10, year);
pstmt.executeUpdate();
pstmt.close();
con.close();
String query_all = "UPDATE inventory_all SET "
+ "color1_size1 = ?, color1_size2 = ?, color1_size3 = ?, color1_size4 = ?, color1_size5 = ?, color1_size6 = ?, color1_size7 = ?, color1_size8 = ? "
+ "WHERE NAME = ? AND YEAR = ?";
//behind host is another host with upper host.
DB_HOST = "jdbc:mysql://rds01.************.ap-northeast-2.rds.amazonaws.com:3306/inventory_all?useUnicode=true&characterEncoding=euckr";
con = DriverManager.getConnection(DB_HOST, DB_USER, DB_PASSWORD);
pstmt = con.prepareStatement(query_all);
pstmt.setInt(1, color1_size1);
pstmt.setInt(2, color1_size2);
pstmt.setInt(3, color1_size3);
pstmt.setInt(4, color1_size4);
pstmt.setInt(5, color1_size5);
pstmt.setInt(6, color1_size6);
pstmt.setInt(7, color1_size7);
pstmt.setInt(8, color1_size8);
pstmt.setString(9, name);
pstmt.setString(10, year);
//------------upper code is OK, behind code is a problem ----------------
pstmt.executeUpdate();
pstmt.close();
con.close();
} catch(Exception e) {e.printStackTrace();}

Use different PreparedStatement object for second query. Because
a
preparedstatement asks for the sql and immediatly compiles itself.
PreparedStatement pstmt1 = con.prepareStatement(sql1);
pstmt1.executeUpdate();
PreparedStatement pstmt2 = con.prepareStatement(sql2);
pstmt2.executeUpdate();

oh, I know the problem. I add the mysql privilege only update, delete, insert not select in database id.
as I add the 'select' privilege to my id, I can update in my database.
thank for all answer!

whats wrong with my UPDATE SQL Statement Java

String insert = "UPDATE PPN_WORKFLOW SET P1_F_Date = ?, SET P1_Completed = ?, SET C2_S_Date = ? WHERE ERF_No = ?";
stmt = conn.prepareStatement(insert);
stmt.setDate(1, date);
stmt.setInt(2, 1);
stmt.setDate(3, date);
stmt.setInt(4, erf_no);
stmt.executeUpdate();
I am trying to update a statement, but I am recieving this error
java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Syntax error in UPDATE statement.
at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6956)
at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7113)
at sun.jdbc.odbc.JdbcOdbc.SQLExecute(JdbcOdbc.java:3148)
at sun.jdbc.odbc.JdbcOdbcPreparedStatement.execute(JdbcOdbcPreparedStatement.java:215)
at sun.jdbc.odbc.JdbcOdbcPreparedStatement.executeUpdate(JdbcOdbcPreparedStatement.java:137)
at Mails.MailtoERF.check(MailtoERF.java:60)
at Mails.MailtoERF.main(MailtoERF.java:122)

you can not set like that .you need to change syntax.One time SET is enough
UPDATE PPN_WORKFLOW SET P1_F_Date = ?, P1_Completed = ?..... where condition

You have a SET for each Column name, you need to separate columns with comma only and use SET only once, see syntax here:
UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value

You dont need SET for each column:
MySQL UPDATE SYNTAX:
UPDATE [LOW_PRIORITY] [IGNORE] table_reference
SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ...
[WHERE where_condition]
[ORDER BY ...]
[LIMIT row_count]
String insert = "UPDATE PPN_WORKFLOW SET P1_F_Date = ?, P1_Completed = ?,
C2_S_Date = ? WHERE ERF_No = ?";

Your Sql Update statement syntax is wrong.Do put 'SET' for each column in the query, you only do it at the first column
change it to
String insert = "UPDATE PPN_WORKFLOW SET P1_F_Date = ?, P1_Completed = ?, C2_S_Date = ? WHERE ERF_No = ?";
stmt = conn.prepareStatement(insert);
stmt.setDate(1, date);
stmt.setInt(2, 1);
stmt.setDate(3, date);
stmt.setInt(4, erf_no);
stmt.executeUpdate();
Heres the syntax for you reference

error due to single quotes in insert query

I am inserting values in a Mysql database from java file using -
String query = "INSERT INTO genes (sent, title) VALUES ('"+sent+"','"+title+"')";
Statement stmt = con.createStatement();
int rs = stmt.executeUpdate(query);
where sent and title are variable strings extracted after applying some algorithm. But this gives sql error when sent or title contains single qoutes.

Consider using a prepared statement with parameters:
PreparedStatement pstmt = con.prepareStatement(
"INSERT INTO genes (sent, title) VALUES (?, ?)");
pstmt.setString(1, sent);
pstmt.setString(2, title);
pstmt.executeUpdate();

You should use PreparedStatement in fill the query parameters. It takes care of escaping the single quotes if any in the input parameters.
Modify your query and statement object as follows and it should be working:
String query = "INSERT INTO genes (sent, title) VALUES (? , ?)";
PreparedStatement pst = con.prepareStatement( query );
pst.setString( 1, sent );
pst.setString( 2, title );
int insertResult = pst.executeUpdate();

You should use PreparedStatements for that. PreparedStatement is under java.sql.* namespace.
String insertString = "INSERT INTO genes (sent, title) VALUES (?,?)";
// con is your active connection
PreparedStatement insertX = con.prepareStatement(updateString);
insertX.setString(1, sent);
insertX.setString(2, title);
insertX.executeUpdate();

You should never concatenate SQL statements like this, instead, use prepared statements:
String query = "INSERT INTO genes (sent, title) VALUES (?,?)";
PreparedStatement stmt = con.prepareStatement(query);
p.setString(1, sent);
p.setString(2, title);
p.executeUpdate();
If you use the string concatenation method you are exposing yourself to dangerous sql-injection attacks.

String query = "INSERT INTO genes (sent, title) VALUES (?, ?)";
PreparedStatement pt = con.prepareStatement(query);
pt.setString(1, sent);
pt.setString(2, title);
pt.executeUpdate();

Please, Remove ' from string or replace by \' from '.
Mysql allow only in \' format for special character.

Sql prepared statement not executing

I am using the following code to update my mysql table where both moving50 and moving200 are variable characters.
String sql = "update toplosers set Moving50 = ?, where Symbol = ?";
PreparedStatement stmt = conn.prepareStatement(sql);
for(int i1=0;i1<i;i1++)
{
stmt.setString(1, moving50[i1]);
stmt.setString(2,symbol[i1]);
stmt.addBatch();
}
stmt.executeBatch();
}
I am getting "have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Symbol = 'mysymbol'' at line 1
What is the problem

You have unexpected comma right after first parameter.

No need to add 'comma' for where clause.
Now check it.
String sql = "update toplosers set Moving50 = ? where Symbol = ?";
PreparedStatement stmt = conn.prepareStatement(sql);
for(int i1=0;i1<i;i1++)
{
stmt.setString(1, moving50[i1]);
stmt.setString(2,symbol[i1]);
stmt.addBatch();
}
stmt.executeBatch();
}
see sample example here

Avoid the comma character before the 'where' clause.