I am using PreparedStatement to query my table. Unfortunately, I have not been able to do so.
My code is as simple as this:
PreparedStatement preparedStatement = connection.prepareStatement(
"Select favoritefood from favoritefoods where catname = ?");
preparedStatement.setString(1, "Cappuccino");
ResultSet resultSet = preparedStatement.executeQuery();
The error thrown is java.sql.SQLException: ORA-00911: invalid character. As if it never run through the parameter given.
Thanks for your time. I've spend a day to debug this yet still unsuccessful.
As mention by Piyush, if I omit the semicolon at the end of statement, a new error is thrown. java.sql.SQLException: ORA-00942: table or view does not exist. But I can assure you this table is indeed exist.
UPDATE
shoot. i edited the wrong sql. now it is successful. thx for your time.
Do you get this error if you try binding values from the shown sql and excute it from the SQL prompt or any SQL editor?
Make sure your query is not having semicolon (";") at the end of it or anywhere in the query.
try giving it this way..
String query="Select favoritefood from favoritefoods where catname = ?";
preStat = conn.preparedStatement(query); // conn is the connection object
preStat.setString(1,"Cappuccino");
ResultSet resultSet=preStat.executeQuery();
Related
Here's my query:
select *
from reg
where indexno=?
or tel=?
And here's my code:
Class.forName("com.mysql.cj.jdbc.Driver");
Connection con =DriverManager.getConnection("jdbc:mysql://url","unam","pass");
String query = "select * from reg where indexno= ? or tel=?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, in.getText());
ps.setString(2, tl.getText());
Statement st = con.createStatement();
ResultSet rs = st.executeQuery(query);
Let's take a closer look at what your code is doing.
Connecting to the database:
Connection con =DriverManager.getConnection("jdbc:mysql://url","unam","pass");
Creating the SQL query:
String query = "select * from reg where indexno= ? or tel=?"`;
Creating a prepared statement:
PreparedStatement ps = con.prepareStatement(query);
Setting some bind parameter values:
ps.setString(1, in.getText());
ps.setString(2, tl.getText());
Creating a whole new non-prepared statement (wait, what? Why are we not using the prepared statement we spent some time creating?):
Statement st = con.createStatement();
Using the new non-prepared statement to execute the SQL query.
ResultSet rs = st.executeQuery(query);
As a result of the last two lines, your SQL query is sent straight to the MySQL database. MySQL doesn't understand what the ? marks are for, and hence complains with a syntax error about them.
When handling prepared statements, JDBC drivers will either replace the ? marks with the database's own syntax for bind parameters (unless the database supports ? marks directly, but not all databases do), or put the values directly in the SQL string after suitable escaping of any characters, before they send the SQL to the database. Statements don't support bind parameters, and will just send the SQL string they are given straight to the database.
Your code creates a PreparedStatement and sets two bind parameter values. It seems a shame not to actually use your prepared statement once you've created it. You can get the result set you want out of it by calling ps.executeQuery(). There is no need for the separate Statement you created by calling connection.createStatement().
The fix therefore is to remove the last two lines of the code in your question and add the following line in place of them:
ResultSet rs = ps.executeQuery();
Updated:
so as per the suggestions i changed all the column name to strings and added prepared statements-
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/minor","root","alphabet")) {
Statement st = conn.createStatement();
PreparedStatement stmt= conn.prepareStatement("select * FROM ? where name=? ;");
PreparedStatement stmt2= conn.prepareStatement("select * FROM ? where name=? ;");
stmt.setString(1, day_1);
stmt.setString(2, faculty1);
stmt2.setString(1,day_1);
stmt2.setString(2, faculty2);
ResultSet rs=stmt.executeQuery();
ResultSet rs1= stmt.executeQuery();
The day and faculty is retrieved from input screen, the queries work just fine in mysql workbench but the 'select' keyword goes missing when i try to run it from Java, see the following error-
The faculty1, faculty2 is retrieved from the following-
The database looks like this-
I would recommend to use PreparedStatement instead of Statement, then at least you can bind your variables;
You query select from time_interval from day_selected is not correct, I don't think that it will execute anywhere, you need to have something between select and from, and not two from in one statement.
I am trying to delete the record from my "student" table, the table has two column rollno and student name.
I am using a PreparedStatement but I am getting some error. I could not understand the error. The error is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
here is my code
String query = "delete from student where rollno = ?";
PreparedStatement pst = con.prepareStatement(query);
pst.setInt(1, 7);
pst.executeUpdate(query);
Likely you are calling the execute like this:
pst.executeUpdate(query);
This will execute the raw query, without the parameter you set before.
You want to execute the prepared query instead, so just use:
pst.executeUpdate();
In my java application I am using OPENQUERY to execute an SQL query in remote linked MSSQL server and fetch result. Below is an example of OPENQUERY I am using:
SELECT 1 FROM OPENQUERY('LINK_SERVER1', 'SELECT 1 FROM TABLE_ABC');
In my Java class I am using PreparedStatement as below to execute the above OPENQUERY as below:
String linkServerName = "LINK_SERVER1";
String remoteQuery = "'SELECT 1 FROM TABLE_ABC'";
String openQuery = "SELECT 1 FROM OPENQUERY(" + linkServerName + ", " + remoteQuery + ")";
PreparedStatment ps = connection.prepareStatement(openQuery);
ps.executeQuery();
The above code works as expected. However the problem is that it is liable for SQL Injection and HP Fortify reports it as SQL Injection vulnerable.
I attempted to change the above code to use setString on PreparedStatement as below.
String linkServerName = "LINK_SERVER1";
String remoteQuery = "'SELECT 1 FROM TABLE_ABC'";
String openQuery = "SELECT 1 FROM OPENQUERY(?, ?)";
PreparedStatment ps = connection.prepareStatement(openQuery);
ps.setString(1, linkServerName);
ps.setString(2, remoteQuery);
ps.executeQuery();
However the above code does not work as I expect it to. At run time I get below exception on call to ps.executeQuery():
java.sql.SQLException: Incorrect syntax near '#P0'.
I am not clear what is incorrect with above code. It seems that the MSSQL jdbc driver isn't liking it, and call to setString method on PreparedStatement did not set the parameter correctly.
Has anyone come across this issue and resolved it? Any pointers towards the resolution of this is appreciated.
java.sql.SQLException: Incorrect syntax near '#P0'.
at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:365)
at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2781)
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2224)
at net.sourceforge.jtds.jdbc.TdsCore.getMoreResults(TdsCore.java:628)
at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement.java:418)
at net.sourceforge.jtds.jdbc.JtdsPreparedStatement.executeQuery(JtdsPreparedStatement.java:693)
at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeQuery(NewProxyPreparedStatement.java:76)
at com.aviseurope.rm.fcst.modules.service.HealthCheckServiceImpl.canConnectToBiSsde(HealthCheckServiceImpl.java:658)
I have a preparedStatement for select query in mySQL.
this is what I wrote:
String sQuery = "SELECT Password FROM test WHERE Email = ?";
st = DB.prepareStatement(sQuery);
st.setString(1, email);
ResultSet rs = st.executeQuery(sQuery);
but i'm getting an exception from the glassfish server that says:
Severe: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '?' at line 1
I don't understand what is the problem.. all the samples i saw, use that syntax..
You must call st.executeQuery(), without the query as argument. The query has already been passed to the statement when it was prepared.
See http://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html#executeQuery%28%29
st.executeQuery() i.e. no param to executeQuery