We Keep Coding

SQL: delete items from table based on their ID, which also appears in another table

long story short, I have a coupon system project.
in it I have companys, coupons and customer.
all of their data is save in an SQL DB, based on apache derby.
for example:
a company exist on the company table. has id, name, password, email
a coupon exist on the coupon table. has id, title, price, etc..
only a company can create a coupon, and what it does, not only it is created on the coupon table mentioned above, it is also populating a second 'index' table, joining company's and coupons= company_coupon. has company_id, coupon_id
now everything else in the project is working beautifully, and the tables are checked by my teachers and everything is configured correctly.
what I'm trying to do next, and just cant seem to figure out the syntax for is:
when I delete a company, I also want to delete every coupon this company has created, from the coupon table. this I do by searching the company_coupon table for company_id matches, and deleting based on the coupon_id paired with them.
I'm trying this statment:
String sql = "DELETE FROM coupon INNER JOIN company_coupon ON id = company_coupon.coupon_id WHERE company_coupon.company_id = "
sql += companyObject.getId();
<-- method is getting an object and I have access to it's id, but I tried hard coding a specific company id and still..
the same error keeps coming back in different variations:
java.sql.SQLSyntaxErrorException: Syntax error: Encountered "INNER" at
line 1, column 8.
I searched online here and elsewhere, was advised to add an 'alias' after the DELETE. got the same error, pointing at that extra word:
"DELETE c FROM coupon INNER JOIN company_coupon ON id = company_coupon.coupon_id WHERE company_coupon.company_id = " ---->>
java.sql.SQLSyntaxErrorException: Syntax error: Encountered "c" at
line 1, column 8.
any ideas? :(

You might need two delete statements:
delete from company where id=1;
delete from company_coupon where id_company=1;
If your database supports cascade deletes on foreign keys, you might need just one delete statement.
Take a look at: http://sqlfiddle.com/#!7/86102/6 (click "Run SQL" and scroll down to the bottom of the result, try changing the sql yourself)

Solved:
String sql = "DELETE FROM customer_coupon WHERE coupon_id IN (SELECT company_coupon.coupon_Id FROM company_coupon WHERE company_coupon.company_id = ";
sql += comp.getId();
sql += ")";

#SecondaryTable causes internal server error

I have two tables named User and Role(POJO classes). I am using hibernate and named query to access data from postgresql. User has roleid which is the foreign key referencing id in Role table.
#NamedQuery(name="User.logincheck",query="SELECT u FROM User u WHERE u.loginName = :loginName AND u.password = :password")
If I am writing the above query to access contents of User table alone the code is working.
But I want to get one column from Role table so I add
#SecondaryTable(name="Role",
pkJoinColumns=#PrimaryKeyJoinColumn(name="ID",
referencedColumnName = "RoleID"))
When I add the above code I'm getting Internal sever error. I'm using tomcat 8.
How can I make it work and retrieve one column from the first query?

Complex INSERT query

I'm pretty new to MySQL. I have two related tables, quite common case: Klients(KID, name, surname) and Visits(VID, VKID, dateOfVisit) - VKID is the Klient ID. I have a problem with suitable INSERT query, this is what I want to do:
1.Check if Klient with specific name and surname exists (let's assume that there are no people with the same surnames)
2.If yes, get the ID and do the INSERT to Visits table
3.If no, INSERT new Klient, get the ID and INSERT to Visits.
Is it possible to do in one query?

You would need to use the IF EXIST / NOT EXISTS and use a subquery to check the table. See the reference bwlo
http://dev.mysql.com/doc/refman/5.0/en/exists-and-not-exists-subqueries.html
HTH

The INSERT statement allows only one single target table.
So the query you're looking for is just impossible unless you use triggers or stored procedures.
But such problem is commonly solved using the fallowing small algorithm:
1) insert a record in table [Visits] assuming the parent record does exist in table [Klients]
INSERT INTO Visits (VKID, dateOfVisit)
SELECT KID, NOW()
FROM Klients
WHERE (name=#name) AND (surname=#surname)
2) check the number of inserted records after query (1)
3) if no record has been inserted, then add a new record table [Klients], and then run (1) again.

try something like this
IF (SELECT * FROM `sometable` WHERE name = 'somename' AND surname = 'somesurname') IS NULL THEN
INSERT INTO Table1(name,surname) VALUES ('somename', 'somesurname');
ELSE INSERT INTO visits(kid,name,surname)
SELECT kid, name, surname FROM Table1 WHERE name = 'somename' AND surname = 'somesurname';
END IF;
there is no need to specify 'VALUES' on the second insert
i have not tested it, but this is the general idea of what you are trying to accomplish.

These should be two queries in a transaction:
INSERT INTO Klients (name, surname)
VALUES ('John', 'Doe')
ON DUPLICATE KEY UPDATE
KID = LAST_INSERT_ID(KID);
INSERT INTO Visits (VKID, dateOfVisits)
VALUES (LAST_INSERT_ID(), NOW());
The first statement is an upsert statement where the update part uses not widely known, but intented exactly for the purpose functionality of LAST_INSERT_ID(), where explicitly passed value is stored for getting the value afterwards.
UPD: I forgot to mention that you would need to add a unique constraint on (surname, name).

Sql Injection : want to show a demo of sql injection

I want to show a attack of sql injection in which when user fill a user login form and submit to java servlet. in login and password filed how we are type a query which is update any other record. I know all column and table names.
for example I am write this query in servlet :
select userid,username from accountinfo where userid='testid' and pass='1234';
update accountinfo set emailid='aar#r.com' where userid='testid2';
but its give Sql Exception how to solve this issue.

Try a single query first:
select userid, username
from accountinfo
where userid='-' and pass='-'
union
select userid, pass
from accountinfo
where userid like 'adm%'
If that gives no exception, present first the query of system tables, and then the above query. Pick an injection of an SQL update for the update accountinfo.

Retrieving data from a relational database

I have set up 2 two tables - table userid and table data in phpmyadmin. The userid table consists of a single column - id and the table data consists of the following columns- id|name|price. I have added an index in the column id of table userid to point to id of the table data. Now i have a user who makes certain selections inside an android application. I want to insert this data into the table data. I know i have to use jdbc and know how to enter data for table without any index. But i am confused as to how to go about doing it in the case of related tables. The userid is obtained from this link http://android-developers.blogspot.in/2011/03/identifying-app-installations.html. Would someone please tell me how to enter the data using java. (The confusion is how to enter the userid and the corresponding data ).

As long as you're aware of the user id when you're inserting a new record into the data table that's all you need. Basically you'll have:
Statement stmt = conn.createStatement();
stmt.executeUpdate( "INSERT INTO data (id, name, price) VALUES ('id from userid table', 'a name', 'a price')");
Obviously the params aren't escaped properly (they really should be) and there's no testing for errors, but that would get you started.
Then to, for example, select all the data related to a given userid, you would do something like:
Statement stmt = conn.createStatement();
stmt.executeQuery( "SELECT * FROM userid LEFT JOIN data WHERE userid.id = data.id" );