for (String[] array : checkstore1) {
for (String element : array) {
String sql5 = "UPDATE product SET "
+ "pro_store = '" + element + "'" + ","
+ "WHERE pro_id = '" + array + "'";
stmt.executeUpdate(sql5);
}
}
Any suggestions on how to correct my code would be helpful, thanks!
"WHERE pro_id = '" + array + "'";
You should check if you really want to use a array here.You sql will be like
WHERE pro_id = '[Ljava.lang.String;#72ffb'
I think you should change array to a String value.
Related
Hello I wrote a join query but I do not have a relational annotations on my entities. I like to change my query for a better performance. Is there any other way to do it
#Override
public List<Object[]> search(String code, String name, String username, String shopName, String startDate, String endDate) {
Query query = null;
StringJoiner stringJoiner = new StringJoiner(" AND ");
stringJoiner.add("SELECT sthLogin.sthId, sth.sthMobileNumber, sth.createdDate, sth.expiryDate, sth.brandingName, sth.shopName" +
" FROM tbl_sth_login_credentials sth INNER JOIN tbl_maintain_sth_profile sth ON sth.Id = sth.sthPrimaryId WHERE sth.deletionStatus = 'N' ");
if(StringUtils.isNotEmpty(sthCode))
stringJoiner.add("stlogin.code = '" + sthCode + "'");
if(StringUtils.isNotEmpty(sthName))
stringJoiner.add("sth.brandingName = '" + sthName + "'");
if(StringUtils.isNotEmpty(username))
stringJoiner.add("sthLogin.sthMobileNumber = '" + username + "'");
if(StringUtils.isNotEmpty(shopName))
stringJoiner.add("sth.shopName = '" + shopName + "'");
if(StringUtils.isNotEmpty(shopName) && StringUtils.isNotEmpty(endDate))
stringJoiner.add("sth.createdDate BETWEEN '" + startDate + "' AND '" + endDate + "' ");
query = entityManager.createNativeQuery(stringJoiner.toString());
return query.getResultList();
I am trying to find a way to "collect all the classes from a selected date to another, managed by a specific teacher", and so far, its going okay. I have used to uppercase to match with a capital letter as the first one in the name... but since some teachers (McGonnagal) for example is having capital letters in her lastname, is there a way to, say , get the input to lowercase, and also transfer the data in the database (McGonnagal) all to lowercase?
So it would always be a match even if the user inserted McGoNNaGal in the program.... anyone got any ideas?`
try {
String lararesNamn = txtLoCLarare.getText();
String LFN = lararesNamn.toUpperCase().charAt(0)+lararesNamn.substring(1);
String datumFrom = txtLoCfom.getText();
String datumTom = txtLoCtom.getText();
String lararesEN = txtLarareEN.getText();
String LEN = lararesEN.toUpperCase().charAt(0)+lararesEN.substring(1);
ArrayList<HashMap<String,String>> listOfClasses = databas.fetchRows("SELECT KURSNAMN FROM KURS JOIN LARARE ON KURSLARARE = LARAR_ID WHERE KURSSTART >= " + "'" + datumFrom + "'" + " AND KURSSLUT <= " + "'" + datumTom + "'" + " AND(LARARE.FORNAMN = " + "'" + LFN + "'" + " AND LARARE.EFTERNAMN = " + "'" + LEN + "'" + ")");
System.out.println(listOfClasses);
JOptionPane.showMessageDialog(null, listOfClasses);
} catch(InfException ex){
System.out.println(ex.getMessage());
}
Best regards!
You can convert the fetched name from SQL DB to lower or upper case. For LOWER case modify your query to.
SELECT KURSNAMN FROM KURS JOIN LARARE ON KURSLARARE = LARAR_ID WHERE KURSSTART >= " + "'" + datumFrom + "'" + " AND KURSSLUT <= " + "'" + datumTom + "'" + " AND(LOWER(LARARE.FORNAMN) = " + "'" + LFN + "'" + " AND LOWER(LARARE.EFTERNAMN) = " + "'" + LEN + "'" + ")"
You can use UPPER function for upper case
Im newbie in java and need help with getting rid of a comma in an sql query. anyone who can guide me in the right direction?
query = "UPDATE " + tablename + " SET ";
for(int i=0; i< columnnames.size(); i++)
{
query+= "'" + columnnames.get(i) + "' = '" + row[i] + "',";
}
query = StripLastComma(query); //Not sure how to do this in Java.
query +="' WHERE " + FirstColumn + " = '" + rowstandard + "'";
You can do this:
query = query.substring(0, query.length()-1);
at the place of "//Not sure how to do this in Java.".
But also:
1) As Makoto wrote use PreparedStatement. Also read a bit
about SQL injection and how to protect yourself from it.
2) Using StringBuilder instead of String would be better for your case.
That's because, it seems you use String and it is immutable.
So when deleting the last comma, you're actually creating a
whole new String object which is really not needed as other pointed
out in their comments.
Disregarding the already mentionned SQL injection problem, I would use a StringBuilder and do it like this to avoid that last comma.
StringBuilder queryBuilder = new StringBuilder();
queryBuilder.append("UPDATE " + tablename + " SET ");
for(int i = 0; i < columnnames.size(); i++) {
if (i != 0) {
queryBuilder.append(",");
}
queryBuilder.append("'" + columnnames.get(i) + "' = '" + row[i] + "'");
}
queryBuilder.append("' WHERE " + FirstColumn + " = '" + rowstandard + "'");
query = queryBuilder.toString();
Firstly, you have a bug: you are quoting your column names when you should not.
The comma issue is easiest handled by making the logic different for the first iteration and putting the comma before the content, which neatly handles the edge case of there being only one column:
if (i > 0)
query += ",";
query += columnnames.get(i) + " = '" + row[i] + "'";
Your code is vulnerable to SQL injection, but if the only client is your own code (ie you know the new values of the columns are "safe") it's OK.
I'm wanting to insert an entry if it does not exist otherwise update the entry, I couldn't use the ON DUPLICATE KEY UPDATE, I got confused with the syntax. So I tried to do something like this:
final String QUERY = "REPLACE INTO skills SET VALUES (" + insert(player) + ") WHERE playername = '" + player.getUsername() + "'";
statement.execute(QUERY);
statement.close();
connection.close();
}
private static String insert(Player player) {
String stringToReturn = "'" + player.getUsername() + "',";
for (int index = 0; index < 25; index++) {
stringToReturn += player.getSkills().getLevels()[index] + "," + ((int) player.getSkills().getXp()[index]) + ",";
}
stringToReturn = stringToReturn.substring(0, stringToReturn.length() - 1);
return stringToReturn;
}
But that's incorrect syntax so I was wondering how I could do this?
playername is primary key
I think the correct syntax to make ON DUPLICATE KEY UPDATE work for you is:
"INSERT INTO skills (playerName, otherColumn)
VALUES ('" + player.getUsername() + "', '" + insert(player) +"')
ON DUPLICATE KEY UPDATE otherColumn = VALUES(otherColumn)";
Why is there a syntax error in this code?
String strSqlUpdate = "UPDATE Customers SET Contact = " + contact_num + ","
+ "Email = '" + email_add + "',"
+ "Address = '" + mail_add + "',"
+ "SurveyStatus = " + radio_group + ","
+ "Subscription = " + receive_info +
"WHERE membership_ID = '" + member_ID';
I thought my code was right.
If it is the error in your code, check all the variables that you have used are declared and initialized with proper values.
If it is the syntax of the sql that is bothering you , here is what your sql would look like if all the variables are initialized to null.
UPDATE Customers SET (Contact)null,Emailnull,Address,null,SurveyStatus,null,SubscriptionnullWHERE MembershipID =null
Use spaces in your strSqlUpdate to correct the above sql.
EDIT
What you need is something like this.
String strSqlUpdate = "UPDATE Customers SET Contact = " + contact_num
+ ",Email = '" + email_add + "'"
+ ",Address = '" + mail_add + "'"
+ ",SurveyStatus = '" + radio_group + "'"
+ ",Subscription = '" + receive_info + "' "
+ "WHERE membership_ID = '" + member_ID + "'";
I get no syntax errors when I declare and Initialize all of the variables. You have to make sure they're all initialized, within the scope of the strSqlUpdate
String contact_num = "";
String email_add = "";
String mail_add = "";
String radio_group = "";
String receive_info = "";
String member_ID = "";
String strSqlUpdate = " UPDATE Customers SET (Contact)" + contact_num + "," + "Email"
+ email_add + "," + "Address" + "," + mail_add + "," + "SurveyStatus" + "," + radio_group
+ "," + "Subscription" + receive_info + "WHERE MembershipID =" + member_ID;
Also considering you're talking about SQL syntax, adding on to what others have said, I'd advise you should use a PreparedStatement to avoid SQL injection.
PreparedStatement pst = conn.prepareStatement(
"UPDATE Customers SET (Contact) ?, ?, ?, ?, ?, ?, ? WHERE ? = ?");
pst.setString(1, contact_num);
pst.setString(2, email_add);
... and so on
An error in your current SQL syntax is this
"Subscription" + receive_info + "WHERE MembershipID
Translated as
"...Subscrptionreceive_infoWHERE MembershipID..."
You need to add spaces wherever you don't have commas