im having some problems getting the insert string to work its giving me a syntax error but cant figure out why, any help ?
String sql = "INSERT INTO user VALUES ('"+ jtfEmailAddr.getText()+"'," +
"'"+ jtfPassword2.getText() + "'," +
"'"+ jtfFName.getText() +"','" + jtfSurname.getText() +"')" +
"ON DUPLICATE KEY UPDATE password='" + jtfPassword2.getText() + "'"+ `enter code here`
"firstname='" + jtfFName.getText() + "'," +
"lastname='" + jtfSurname.getText() + "'";
database.insertIntoDatabase(sql);
ERROR:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rr'nn)' at line 1
the letters rr nn are just random for test purposed
Try adding a comma there “‘,”
With no more information is the part I see wrong
(Apart from of course the the “enter code here”...)
Related
Eclipse neon.1 (4.6.1) java;
SQLite 3.8.7 (sqlite-jdbc-3.8.7.jar)
I am attempting to insert customer's data into a table using the following code snippet:
PreparedStatement ps;
insertSQL = "INSERT INTO tbl_TotalPatent "
+ "(Abstract, `Application/Filing Date`, `Application Number`) "
+ "VALUES ("
+ "'" + _field[0] + "', "
+ "'" + _field[1] + "', "
+ "'" + _field[2] + "');";
ps = con.prepareStatement(insertSQL);
ps.execute();
Unfortunately, the client's data has an embedded apostrophe, which I cannot change. The "INSERT INTO" statement bombs out when finding the apostrophe, assuming it is a single quote:
java.sql.SQLException: [SQLITE_ERROR] SQL error or missing database (near "s": syntax error)
I've tried various permutations of the INSERT INTO statement to use different characters for the single quote - to no avail.
I presume there is an "easy" work-around, but I can't find it. The solution is probably posted somewhere on stackoverflow, but I can't find it. Can someone point me in the right direction?
you can replace that apostrophe with an double apostrophe, which is the standard SQL escape sequence for '
simply do that whith the following snippet:
+ "'" + _field[x].replaceAll("'", "''") + "', "
You could also use " instead of ' in your sql statement like the following:
+ "\"" + _field[x] + "\", "
I'm trying to pass the email as a parameter for the SELECT SQL query in my JAVA back-end.
As i understood, for some reason it pass only "email_name" from the "email_name#email.com". (Getting this error):
Threw a SQLException creating the list of blogs.
ERROR: column "email_name" does not exist
Position: 174
There is an existed rows, which contains "email_name#email.com".
(Why "ERROR: column"? according to query it should look for a value, no?)
Here is My query:
String active_user = "email_name#email.com"; //email_name#email.com - example, active_user receive some path variable and on this particular moment(before query execution) contains exactly "email_name#email.com".
ResultSet rs = st.executeQuery("SELECT \n" +
" goods.item_title, \n" +
" goods.item_descr, \n" +
" goods.item_email,\n" +
" goods.item_images,\n" +
" goods.item_phone, \n" +
" goods.item_price \n" +
"FROM \n" +
" public.goods\n" +
"WHERE goods.owner = "+active_user+"\n" +
"ORDER BY\n" +
" goods.item_id ASC;");
So the question is - how to pass full email to query?
Try using String active_user = "'email_name#email.com'";. with single quotes. Since postgre recognized as column when you use double quotes.
You should use PreparedStatement. this is a example
Very unsafe approach, you should use PreparedStatement to avoid SQL injection. Here is existing answer
I'm programming Java, and Eclipse is showing me this error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''where Name=''and Password=''' at line 1
I tried to fix the query but the error remains.Can you control if i write the query correctly?
-Connection() is a class that i use to connect into the database,in this class i' ve all connection method.I create this class to not repeat the connection in all classes.But this is not the error.
text1,2,3 are textboxes. I want to get the tablename via textbox 3.
String name = text1.getText();
String password = text2.getText();
String employment = text3.getText();
try {
ResultSet rs = Connection.Creation().executeQuery("select * from '" + employment +
"'where Name='" + name + "'and Password='" + password + "'");
}
catch
{
//something here
}
Try this
MySQL Identifiers
The identifier quote character is the backtick ("`") in MySQL.
ResultSet rs = Connection.Creation().executeQuery("select * from `" + employment +
"` where Name='" + name + "'and Password='" + password + "'");
ResultSet rs = Connection.Creation().executeQuery("
select * from " + employment + " where Name='" + name + "' and Password='" + password + "'");
The from shouldn't have ' '.
As I said in comment, you're very vulnerable for SQL-Injection this way.
String sql = "INSERT INTO order " + "(customerid, pant, shirt, date) "
+ "VALUES ('" + jTextField1.getText() + "','" + jTextField2.getText()
+ "','" + jTextField3.getText() + "','" + jTextField4.getText() + "')";
When tried this, I got the following error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near
'order (customerid, pant, shirt, date) VALUES ('10','2','3','26')' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method).
You need to escape reserved words like order with backticks
INSERT INTO `order` (customerid, ...
Besides that I recommend using Prepared Statements.
Table name "order" is reserve word so please change table name and try it.
I have a MySQL database and want to write a row into it. The problem is that MySQL do not like my query, why? This is my code:
java.sql.Timestamp date = new java.sql.Timestamp(new java.util.Date().getTime());
for (Integer articlevalue : articlesendlist) {
for (Integer suppliervalue : suppliersendlist) {
connection.executeQuery("INSERT INTO Bestellungen(Bestellung_ID, Artikel_ID, Lieferant_ID, Datum, Preis) VALUES (" + maxorder + ", " + articlevalue + ", " + suppliervalue + ", " + date + ", NULL)");
}
}
A small description for my code. The articlesendlist contains IDs from selected values from a JTabel. The same applies to the suppliersendlist. I want to write the IDs into the table "Bestellung". The variable maxorder is the current ID for the table "Bestellung".
If you need it, the exception is:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '12:45:06.164, NULL)' at line 1
Please do not comment/answer with other links, I already searched for the problem and read several sites. They do not help me or are not suitable for my problem.
Thank you for help
Exception is obvious isn't it.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '12:45:06.164, NULL)' at line 1
You are not using quotes around date field.
However you should really avoid executing your SQL queries like this and use PreparedStatemens for this purpose.
PreparedStatemens has specific methods like setDate, setTime, setLong, setString etc and you don't need to worry about putting right quotes in your code.
Try changing this line:
connection.executeQuery("INSERT INTO Bestellungen(Bestellung_ID, Artikel_ID, Lieferant_ID, Datum, Preis) VALUES (" + maxorder + ", " + articlevalue + ", " + suppliervalue + ", " + date + ", NULL)");
to this:
connection.executeQuery("INSERT INTO Bestellungen(Bestellung_ID, Artikel_ID, Lieferant_ID, Datum, Preis) VALUES ('" + maxorder + "','" + articlevalue + "','" + suppliervalue + "','" + date + "','NULL')");