I am trying to populate one table in my database with pretty complex data. For this, I am using a generator API (which gives me random data).
public void populateCrackers(){
PreparedStatement psm;
String queryJoke = "(SELECT jid FROM Jokes WHERE jid=?)";
String queryHat = "(SELECT hid FROM Hats WHERE hid=?)";
String queryGift = "(SELECT gid FROM Gifts WHERE gid=?)";
String query = "INSERT INTO Crackers(cid, name, jid, hid, gid, quantity) VALUES(" +
"?, " +
"?, " +
queryJoke + ", " +
queryHat + ", " +
queryGift + ", " +
"?)";
System.out.println(query);
String cracker_String = utils.JSONUtils.getJSON(crackerAPI, client);
JSONObject crackerJSON = new JSONObject(cracker_String);
JSONArray crackers = crackerJSON.getJSONArray("results");
for(int j=0; j<crackers.length(); j++){
try{
psm = connection.prepareStatement(query);
psm.setInt(1,crackers.getJSONObject(j).getInt("cid"));
psm.setString(2, crackers.getJSONObject(j).getString("cname"));
psm.setInt(3, crackers.getJSONObject(j).getInt("rjoke"));
psm.setInt(4, crackers.getJSONObject(j).getInt("rhat"));
psm.setInt(5, crackers.getJSONObject(j).getInt("rgift"));
psm.setInt(6, crackers.getJSONObject(j).getInt("cquantity"));
psm.execute();
System.out.println(crackers.getJSONObject(j).get("cid") + " "
+ crackers.getJSONObject(j).get("cname") + " "
+ crackers.getJSONObject(j).get("cquantity") + " "
+ crackers.getJSONObject(j).get("rjoke") + " "
+ crackers.getJSONObject(j).get("rhat") + " "
+ crackers.getJSONObject(j).get("rgift"));
}catch (Exception e){
e.printStackTrace();
}
}
}
This is the method that populates my "Crackers" tab. I am wondering if this be accepted as a prepared statement. When I run it in psql interactive command line tool, exactly that statement with some chosen ids (e.g INSERT INTO Crackers (cid, name, hid, jid, gid, quantity) VALUES('cid', 'name', (SELECT hid FROM Hats WHERE hid=11), (SELECT jid FROM Jokes where jid=99), (SELECT gid FROM Gifts WHERE gid=13), 5) it works flawlessly.
Does my preparedstatement break the Constraint?
Any ideas?
LATER EDIT: The inconsistency is the form of that null values can reach my Crackers table (e.g. Cracker(1, "hello", null, null, 3, 123) appears in the table.
There is nothing about Prepared statement. Constraint can be broken by parameters you set to it. And you can run your PLSQL statement as anonimous block in PreparedStatement as well.
Just surround it with BEGIN ... END. only one thing is different - for JDBC parameters are ? mark not :parameter as for PLSQL and there is no way to use named parameter.
That means if you need to use parameter more than once for JDBC you have to have that many ? marks and set all of them.
So, focus on parameters you pass to and their sequence.
The code is correct, though the prepared statement must be closed, and it would be better to create the statement once, before the for loop.
Now there is crackers.length() times a statement created but not closed. That might give problems.
Use the try-with-resouce syntax for automatic closing, irrespective of any exception or return.
try (PreparedStatement psm = connection.prepareStatement(query)) {
for (int j = 0; j < crackers.length(); j++) {
...
psm.executeUpdate();
And call executeUpdate instead of the more general execute. The resulting update count might be of interest (1/0).
I realised I had the wrong constraints on my table. I was letting null values in. There was nothing wrong with the prepared statement.
The right query to create the table is this one:
String createCrackersQuery = "CREATE TABLE Crackers(" +
" cid INTEGER," +
" name VARCHAR NOT NULL," +
" jid INTEGER NOT NULL," +
" hid INTEGER NOT NULL," +
" gid INTEGER NOT NULL," +
" quantity INTEGER NOT NULL," +
" CONSTRAINT Cracker_Primary PRIMARY KEY (cid)," +
" CONSTRAINT Cracker_Name_Unique UNIQUE(name)," +
" CONSTRAINT Joke_Foreign FOREIGN KEY (jid) REFERENCES Jokes(jid)," +
" CONSTRAINT Hat_Foreign FOREIGN KEY (hid) REFERENCES Hats(hid), " +
" CONSTRAINT Gift_Foreign FOREIGN KEY (gid) REFERENCES Gifts(gid)" +
")";
Related
The task I've been given is to write a query to return the number of orphaned rows. I have achieved this but another task is to then not use the rawQuery method to achieve the same result using the query method.
The issue is that I get java.lang.IllegalStateException: Invalid tables
The tables, there are 3 are
the parent table which has an _id column and a name column
the child table which has an _id column, a name column and a childtoparentlink column that is an integer that links to the parent table.
the friend table which has an _id column, a name column and a friendtochildlink column.
The SQL to create and to put rows into the tables, including some orphans is like
CREATE TABLE parent(_id INTEGER PRIMARY KEY,parentname TEXT);
CREATE TABLE child(_id INTEGER PRIMARY KEY,childname TEXT, childtoparentlink INTEGER);
CREATE TABLE friend(_id INTEGER PRIMARY KEY,friendname TEXT, friendtochildlink INTEGER);
INSERT INTO parent VALUES(null,'Parent A');
INSERT INTO parent VALUES(null,'Parent B');
INSERT INTO child VALUES(null,'Child A',1);
INSERT INTO child VALUES(null,'Child B',2);
INSERT INTO child VALUES(null,'Child X',10); -- orphan
INSERT INTO friend VALUES(null,'Friend A',1);
INSERT INTO friend VALUES(null,'Friend B',2);
INSERT INTO friend VALUES(null,'Friend X',100); -- orphan
The query that works and gives the right values when using rawQuery is
SELECT
(
SELECT count() FROM child
LEFT JOIN parent ON child.childtoparentlink = parent._id
WHERE parent.parentname IS NULL
) AS child_mismatches,
(
SELECT count() FROM friend
LEFT JOIN child ON friend.friendtochildlink = child._id
WHERE child.childname IS NULL
) AS friend_mismatches
I get two columns each with a value of 1 (as wanted).
My actual code is :-
public ArrayList<String> checkLinkIntegrity() {
ArrayList<String> return_value = new ArrayList<>();
String suffix = "_mismatches";
String child_result_cl = TB_CHILD + suffix;
String sq_child_mismatches = "(SELECT count() FROM " +
TB_CHILD +
" LEFT JOIN " + TB_PARENT +
" ON " + TB_CHILD + "." + CL_CHILDTOPARENTLINK + " = " +
TB_PARENT + "." + CL_PARENTID +
" WHERE " + TB_PARENT + "." + CL_PARENTNAME + " IS NULL)" +
" AS " + child_result_cl;
String friend_result_cl = TB_FRIEND + suffix;
String sq_friend_mismatches = "(SELECT count() FROM " +
TB_FRIEND +
" LEFT JOIN " + TB_CHILD +
" ON " + TB_FRIEND + "." + CL_FRIENDTOCHILDLINK + " = " +
TB_CHILD + "." + CL_CHILD_ID +
" WHERE " + TB_CHILD + "." + CL_CHILDNAME + " IS NULL)" +
" AS " + friend_result_cl;
String full_query = "SELECT " + sq_child_mismatches + "," + sq_friend_mismatches;
SQLiteDatabase db = this.getWritableDatabase();
Cursor csr;
Log.d("RAWQUERYSQL",full_query);
csr = db.rawQuery(full_query,null);
return_value.addAll(dumpCursorToStringArrayList(csr,"RAWQUERY"));
// Fails invalid table
csr = db.query(null,new String[]{sq_child_mismatches,sq_friend_mismatches},null,null,null,null,null);
return_value.addAll(dumpCursorToStringArrayList(csr,"SECONDTRY"));
csr.close();
return return_value;
}
and the dumpCursortoStringArrayList method is :-
private ArrayList<String> dumpCursorToStringArrayList(Cursor csr, String tablename) {
ArrayList<String> rv = new ArrayList<>();
int original_position = csr.getPosition();
csr.moveToPosition(-1);
rv.add("Table: " + tablename);
while (csr.moveToNext()) {
rv.add("\tRow # " + String.valueOf(csr.getPosition() + 1));
for (String column: csr.getColumnNames()) {
rv.add("\t\tColumn: " + column + "\tvalue is: \t" + csr.getString(csr.getColumnIndex(column)));
}
}
csr.moveToPosition(original_position);
return rv;
}
I get the same error if I try "" instead of null e.g.
If I use only the rawQuery I get
04-22 07:07:33.914 6271-6271/s.q001 I/RESULTS: Table: RAWQUERY
04-22 07:07:33.914 6271-6271/s.q001 I/RESULTS: Row # 1
04-22 07:07:33.914 6271-6271/s.q001 I/RESULTS: Column: child_mismatches value is: 1
04-22 07:07:33.914 6271-6271/s.q001 I/RESULTS: Column: friend_mismatches value is: 1
This is from using
ArrayList<String> results = DBOpenHelper.checkLinkIntegrity();
for (String s : results) {
Log.i("RESULTS",s);
}
How can I run the query with the query method instead of the rawQuery method, to get the better marks?
Your issue is that the query method expects a table as it then generates SQL as per
SELECT your_columns FROM the_table;
As there is no table it issues the Invalid Table exception.
You have to provide something that will satisfy the FROM clause, it cannot be nothing.
You can get around this in a few ways, which I guess is what the homework is trying to get you to ascertain/explore.
Fix 1
You could supply one of the tables that exist e.g. use
csr = db.query(null,new String[]{sq_child_mismatches,sq_friend_mismatches},null,null,null,null,null,"1");
Note the 8th parameter, this LIMITs the number of rows generated to one as there would be a row generated for each row in the fake table.
Fix 2
or as FROM can be a subquery (see diagram) you could use a subquery e.g. one that you have
So you could use :-
csr = db.query(
sq_child_mismatches, //<<<<<<<<<< the fake subquery
new String[]{
sq_child_mismatches,
sq_friend_mismatches
},
null ,null,null,null,null
);
In this case, as the fake subquery returns a single row/result, there is no need for the LIMIT clause.
I am trying To Create Tables in mysql dynamically And Assign them Name Using The Email Address User Provided. But Whenever I try to Assign Table Name dynamically it shows me error and i don,t know anyother way to fulfil my requirement.
Here is The Code I Wrote
String TableName = Email.getText();
try {
String myTableName = "CREATE TABLE '" + TableName + "' "
+ "(id INTEGER not NULL, "
+ " first VARCHAR(255), "
+ " last VARCHAR(255), "
+ " age INTEGER, "
+ " PRIMARY KEY ( id ))";;
Class.forName(m.RegisterationString);
java.sql.Connection con;
con = DriverManager.getConnection(m.URL, m.UserName, m.Password);
Statement State = con.createStatement();
//This line has the issue
State.executeUpdate(myTableName);
System.out.println("Table Created");
}
In MySQL the name of table should not be between '' it can be between :
String myTableName ="CREATE TABLE `" + tableName + "`"
//--------------------------------^-----------------^
Note for good pratice don't start the name of variable with upper letter like State or TableName, Email
I need to insert multiple rows (about 1 mln.) containing random numbers into a Postgresql database. This code generates one row with random numbers into a database. How can i make the statement loop itself for any amount of times?
Random rand = new Random();
for (int j=0;j < 1;j++);
stmt = c.createStatement();
String sql = "INSERT INTO COMPANY (ID,NAME,AGE,ADDRESS,SALARY) "
+ "VALUES ('" + rand.nextInt() + "', '" + rand.nextInt() + "', '" + rand.nextInt() + "', '" + rand.nextInt() + "'," +
" '" + rand.nextInt() + "')";
stmt.executeUpdate(sql);
stmt.close();
c.commit();
c.close();
You basically have two options to do that
Have the database do all the work
As suggested by #a_horse_with_no_name: use just one INSERT, and let the database compute all the random values:
INSERT INTO COMPANY
(ID
,NAME
,AGE
,ADDRESS
,SALARY)
SELECT
i
,random() * 10000 + 1
,random() * 80 + 1
,random() * 10000 + 1
,random() * 1000000 + 1
FROM
generate_series(1,1000000) i
This would be the usual way of filling a table with random values (to simulate data, for instance) when working with PostgreSQL. Note one thing: the ID column, assuming it is a PRIMARY KEY (i.e.: UNIQUE and NOT NULL) should never be assigned a random value, that could be repeated.
Have all the values computed by your program, but generate just one statement:
If, for some reason, the randomness of PostgreSQL is not good enough for your application, or you want to control through your program how the (pseudo)random values are generated, you could take advantage of the fact that you can have several rows stated in VALUES.
That is, the following statement is valid:
INSERT INTO some_table(a_column) VALUES (101), (102), (103), (104) ;
and would insert four rows into some_table.
You would change your program to generate values this way:
Random rand = new Random();
StringBuilder sql =
new StringBuilder("INSERT INTO COMPANY (ID,NAME,AGE,ADDRESS,SALARY) VALUES ;");
for (int j=0; j < 1000000; j++)
{
if (j) sql.append (",")
sql.append ("(" + j.toString() + /* ID should NOT be random() */
",'" + rand.nextInt().toString() + "'" + /* NAME */
",'" + rand.nextInt().toString() + "'" + /* AGE */
",'" + rand.nextInt().toString() + "'" + /* ADDRESS */
",'" + rand.nextInt().toString() + "'" + /* SALARY */
")") ;
}
stmt = c.createStatement();
stmt.executeUpdate(sql.toString());
stmt.close();
c.commit();
c.close();
NOTE 1: the SQL statement generated this way is not "dangerous" because you are completely controlling the data used to generate it. If you would use user input, or some information whose origin or format cannot be trusted, use PREPARED STATEMENTS, to avoid risks of SQL injection.
NOTE 2: Use a StringBuilder (not a String) to generate such a large String.
NOTE 3: As the SQL string can be too large to be handled by either the JDBC or the database itself (as pointed out by #dsp_user), it might be necessary to limit the number of iterations within the loop; and have a second loop over it (obviously, the use of the j variable should change in this scenario).
I'm trying to pass the email as a parameter for the SELECT SQL query in my JAVA back-end.
As i understood, for some reason it pass only "email_name" from the "email_name#email.com". (Getting this error):
Threw a SQLException creating the list of blogs.
ERROR: column "email_name" does not exist
Position: 174
There is an existed rows, which contains "email_name#email.com".
(Why "ERROR: column"? according to query it should look for a value, no?)
Here is My query:
String active_user = "email_name#email.com"; //email_name#email.com - example, active_user receive some path variable and on this particular moment(before query execution) contains exactly "email_name#email.com".
ResultSet rs = st.executeQuery("SELECT \n" +
" goods.item_title, \n" +
" goods.item_descr, \n" +
" goods.item_email,\n" +
" goods.item_images,\n" +
" goods.item_phone, \n" +
" goods.item_price \n" +
"FROM \n" +
" public.goods\n" +
"WHERE goods.owner = "+active_user+"\n" +
"ORDER BY\n" +
" goods.item_id ASC;");
So the question is - how to pass full email to query?
Try using String active_user = "'email_name#email.com'";. with single quotes. Since postgre recognized as column when you use double quotes.
You should use PreparedStatement. this is a example
Very unsafe approach, you should use PreparedStatement to avoid SQL injection. Here is existing answer
I have a java application that inserts records into the database from the textboxes. The problem is that when i click ADD it gives the following error:
com.microsoft.sqlserver.jdbc.SQLServerException: Violation of PRIMARY KEY constraint 'PK__customer__A1B71F90E76B7658'. Cannot insert duplicate key in object 'dbo.customer'. The duplicate key value is (5)
There is no duplication in my table and i cannot understand what to do. This is the first time i have encountred this error. No column in my database allows null and cust_id is a foreign key in another table. Here is my code
stmt = conn.createStatement();
String sql = "insert into customer (cust_id, cust_name, father_name, birth_date, CNIC, city, card_num, acc_num, bank_name, address, email, ph_num) values ( " + String.valueOf(txtcust_id1.getText()) + ",'" + txtcust_name1.getText()
+ "','" + txtf_name1.getText() + "','" + txtb_date1.getText() + "','" + txtcnic1.getText() + "','" + txtcity1.getText() + "','" + txtcard_num1.getText() + "','" + txtacc_num1.getText() + "','" + txtb_n1.getText() + "','" + txtadd1.getText() + "','" +
txtemail1.getText() + "','" + txtph_num1.getText() + "' )";
stmt.executeUpdate(sql);
System.out.println("Successful");
int rowsAffected = stmt.executeUpdate(sql);
String msg = "Insert Query Execution Failed";
if(rowsAffected > 0) {
JOptionPane.showMessageDialog(null, "Query Successful");
}
else {
JOptionPane.showMessageDialog(this, msg, "Execution Alert", JOptionPane.INFORMATION_MESSAGE);
}
i can't use parametric query because i can't seem to handle date and money in it.
Your code does:
stmt.executeUpdate(sql);
System.out.println("Successful");
int rowsAffected = stmt.executeUpdate(sql);
So it executes the same SQL, containing a hard-coded primary key, twice. That's why you get this exception.
BTW, your code is extremely fragile (just try adding an apostrophe in one of the strings you're inserting) , and a good candidate for a SQL injection attack. Learn about prepared statements.