I have to develop a small program that inserts some data into an Oracle database. Unfortunately I have some trouble with a SQL Statement and the execution of it. This is the code I am using:
db.execute(
String.format("INSERT INTO tops VALUES (%d, '%s', %d, %f.00, '%s', TO_TIMESTAMP('%s', 'YYYY-MM-DD HH24:MI:SS.FF'))",
item.getID(),
item.getTitle(),
this.elements,
item.getSize(),
item.getEntity(),
timestamp.toString()));
This is the part where the execution should work but I get the following error:
java.sql.SQLException: ORA-00913: Zu viele Werte
Google Translate for exception is:
java.sql.SQLException: ORA-00913: Too many values
You can use prepared statements like this as suggested by Guallaume on the comment;
PreparedStatement pstmt = null;
Connection conn = null;
try{
//if you have a method that creates a connection for you.
conn = getConnection();
pstmt = conn.prepareStatement("INSERT INTO tops(id, title, elements, size, entity, timeStamp) VALUES(?,?,?,?,?,?)");
pstmt.setInt(1,item.getID());
//Assuming that title is a String data type
pstmt.setString(2,item.getTitle());
pstmt.setString(3,this.elements);
pstmt.setDouble(4,item.getSize()); // <--- JDBC will make sure this works
//assuming Entity data type is String
pstmt.setString(5,item.getEntity());
//if your timestamp's string format is
//well formed, you may insert as a string.
pstmt.setString(6,timestamp.toString());
pstmt.executeUpdate();
}catch(Exception e){
e.printStackTrace();
}finally{
try{
pstmt.close();
}catch(Exception e){}
try{
conn.close();
}catch(Exception e){}
}
Don't use this syntax
INSERT INTO table VALUES (val1, val2, ...)
Use this one instead
INSERT INTO table (col1, col2, ...) VALUES (val1, val2, ...)
Tables may change. Fields may get added / removed / reordered - in case of which your INSERT statement would break again.
Of course, as others suggest, you should use prepared statements to avoid SQL injection and syntax errors... Imagine, item.getTitle() was any of these
"a', 'b";
"a'); DROP TABLE tops;' ...";
You really should use PreparedStatements, believe us...
In this case, however, the problem is very likely, that your locale uses the comma (,) character for the decimal point..
So 1/4 becomes: 0,25, not 0.25 as the DB would like!
Why is this a problem?
Look at this:
INSERT INTO SOMETABLE VALUES ( 0,25 );
INSERT INTO SOMETABLE VALUES ( 0, 25);
Both are treated as having 2 values, just the first one is not obvious for us, who use the comma as a decimal point... So you have to change the comma to a dot, or change the locale to US.
Correct:
INSERT INTO SOMETABLE VALUES ( 0.25);
You can specify the locale of the string formatting using String.format(Locale l, String format, Object... args) by supplying an appropriate locale.
This format string corrected.
"INSERT INTO tops VALUES (%f, '%s', %f, %.2f, '%s', TO_TIMESTAMP('%s', 'YYYY-MM-DD HH24:MI:SS.FF'))"
Don't use many values for each argument, use exactly one for each one, total six values.
Related
I am working on a little project.
Now I don't know, how to "replace" a old value in the mysql table.
Here you can see the table:
Thats my methods:
MySQL.update("INSERT INTO OnlineServer (Name) VALUES ('" + API.getServerFreeServer() + "');");
public static void update(String qry) {
try {
java.sql.Statement st = con.createStatement();
st.executeUpdate(qry);
st.close();
} catch (SQLException e) {
connect();
e.printStackTrace();
}
}
The problem now is, if I update the mysql, it dont replace the value in the column "Name". It just add a new Value under the old Value. The table is Going to be too huge if I Update every 5 seconds.
I need exactly one value in the column "Name".
So I have tryed to replace the insert but it doesn't work for me.
Maybe you have some ideas?
Sorry for my bad English, I'am German.
It sounds like you want to do an update here of the table, rather than an insert:
String sql = "UPDATE OnlineServer Set Name = ?";
PreparedStatement ps = dbConnection.prepareStatement(sql);
ps.setString(1, API.getServerFreeServer());
ps.executeUpdate();
By the way, your current query is doing raw string concatenation, making it prone to typos as well as SQL injection. I have used a prepared statement above, which is the most desirable way to execute a query using JDBC.
INSERT operation is for adding new record only and thus irrespective of you specify single column or 1million column it will add a new record. You actually need an UPDATE statement saying
UPDTE OnlineServer SET Name = <value>
You might also want to check INSERT ... ON DUPLICATE KEY UPDATE
I'm parsing through some data all in a text files. By parsing it i throw everything into a String array and then use that array to insert into my MySQL database. Most of the data is actually text strings but some are dates and integers.
If i insert a string like "4538762" into a MySQL column defined as an INT will that be accepted?
Same goes for date.
It depends on how you are running your insert.
You SHOULD be running it as a PreparedStatement. When you use prepared statements you add values based on their datatype. See the example below. There is a good tutorial that you should check out at: http://tutorials.jenkov.com/jdbc/preparedstatement.html
String sql = "update people set firstname=? , lastname=? where id=?";
PreparedStatement preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, "Gary");
preparedStatement.setString(2, "Larson");
preparedStatement.setLong (3, 123);
int rowsAffected = preparedStatement.executeUpdate();
You could either pass the string as is :
preparedStatement.setString(1, "4538762") ;
or convert it to int and pass the int :
preparedStatement.setInt(1, Integer.parseInt("4538762")) ;
MySQL can handle both. In the former case, it would parse the String to int by itself.
below is code is a code i wrote to get the value of 'monthly Depreciation' when i select the row on my j Table by either mouse-clicked or key-pressed. but it only selects the first value for 'monthly depreciation' when i click on the rows or key-press.the problem i know is coming from the where statement but can't seem to get around it.
if(evt.getKeyCode()==KeyEvent.VK_DOWN || evt.getKeyCode()==KeyEvent.VK_UP)
{
try{
int row =dep_report.getSelectedRow();
String Table_click=(dep_report.getModel().getValueAt(row, 0).toString());
String sql ="select Date_Acquired 'Date Acquired',Serial_Number 'Serial Number',"
+ " Description 'Description',Cost_Of_Acquisition 'Cost Of Acquisition',"
+ "Monthly_Depreciation 'Monthly Depreciation',Accumulated_Depreciation 'Accumulated Depreciation',Net_Book_Value 'Net Book Value'"
+ ",asset_update.Branch_Area 'Branch Area',Depts_name 'Department Name' ,User 'User',"
+ "Status 'Status' from items,asset_update where items.items_No = asset_update.items_No &&'"+Table_click+"'";
pst = conn.prepareStatement(sql);
rs = pst.executeQuery();
if(rs.next()){
String add1 = rs.getString("Monthly Depreciation");
MonthlyDep.setText(add1);
}
}
catch(Exception e)
{
JOptionPane.showMessageDialog(null, e);
}
I would really appreciate the help thank you.
In your sql
where items.items_No = asset_update.items_No &&'"+Table_click+"'";
&& wont work for sql and you might need
where items.items_No = asset_update.items_No and items.someThing= '"+Table_click+"'";
Please use Java naming conventions and give proper names to things Table_click is a horrible variable name.
But can you describe what is in your table model in the 1st column of the selected row?
You seem to append that to your query and if it does not contain a valid SQL part, this will not work well with your statement. In a where clause you usually check a column against a value. I doubt that your table model has this written there, more likely you just have the value in your table model at this position.
Also make sure to properly use prepared statements. Never put the values directly in the SQL string you create or you create the perfect entry point for SQL injection. Assign the values instead once you have created the statement with something like this: pst.setString(1, Table_click);
I'm trying to insert CLOBs into a database (see related question). I can't quite figure out what's wrong. I have a list of about 85 clobs I want to insert into a table. Even when inserting only the first clob I get ORA-00911: invalid character. I can't figure out how to get the statement out of the PreparedStatement before it executes, so I can't be 100% certain that it's right, but if I got it right, then it should look exactly like this:
insert all
into domo_queries values ('select
substr(to_char(max_data),1,4) as year,
substr(to_char(max_data),5,6) as month,
max_data
from dss_fin_user.acq_dashboard_src_load_success
where source = ''CHQ PeopleSoft FS''')
select * from dual;
Ultimately, this insert all statement would have a lot of into's, which is why I just don't do a regular insert statement. I don't see an invalid character in there, do you? (Oh, and that code above runs fine when I run it in my sql developer tool.) And I if I remove the semi-colon in the PreparedStatement, it throws an ORA-00933: SQL command not properly ended error.
In any case, here's my code for executing the query (and the values of the variables for the example above).
public ResultSet executeQuery(String connection, String query, QueryParameter... params) throws DataException, SQLException {
// query at this point = "insert all
//into domo_queries values (?)
//select * from dual;"
Connection conn = ConnectionPool.getInstance().get(connection);
PreparedStatement pstmt = conn.prepareStatement(query);
for (int i = 1; i <= params.length; i++) {
QueryParameter param = params[i - 1];
switch (param.getType()) { //The type in the example is QueryParameter.CLOB
case QueryParameter.CLOB:
Clob clob = CLOB.createTemporary(conn, false, oracle.sql.CLOB.DURATION_SESSION);
clob.setString(i, "'" + param.getValue() + "'");
//the value of param.getValue() at this point is:
/*
* select
* substr(to_char(max_data),1,4) as year,
* substr(to_char(max_data),5,6) as month,
* max_data
* from dss_fin_user.acq_dashboard_src_load_success
* where source = ''CHQ PeopleSoft FS''
*/
pstmt.setClob(i, clob);
break;
case QueryParameter.STRING:
pstmt.setString(i, "'" + param.getValue() + "'");
break;
}
}
ResultSet rs = pstmt.executeQuery(); //Obviously, this is where the error is thrown
conn.commit();
ConnectionPool.getInstance().release(conn);
return rs;
}
Is there anything I'm just missing big time?
If you use the string literal exactly as you have shown us, the problem is the ; character at the end. You may not include that in the query string in the JDBC calls.
As you are inserting only a single row, a regular INSERT should be just fine even when inserting multiple rows. Using a batched statement is probable more efficient anywy. No need for INSERT ALL. Additionally you don't need the temporary clob and all that. You can simplify your method to something like this (assuming I got the parameters right):
String query1 = "select substr(to_char(max_data),1,4) as year, " +
"substr(to_char(max_data),5,6) as month, max_data " +
"from dss_fin_user.acq_dashboard_src_load_success " +
"where source = 'CHQ PeopleSoft FS'";
String query2 = ".....";
String sql = "insert into domo_queries (clob_column) values (?)";
PreparedStatement pstmt = con.prepareStatement(sql);
StringReader reader = new StringReader(query1);
pstmt.setCharacterStream(1, reader, query1.length());
pstmt.addBatch();
reader = new StringReader(query2);
pstmt.setCharacterStream(1, reader, query2.length());
pstmt.addBatch();
pstmt.executeBatch();
con.commit();
Of the top of my head, can you try to use the 'q' operator for the string literal
something like
insert all
into domo_queries values (q'[select
substr(to_char(max_data),1,4) as year,
substr(to_char(max_data),5,6) as month,
max_data
from dss_fin_user.acq_dashboard_src_load_success
where source = 'CHQ PeopleSoft FS']')
select * from dual;
Note that the single quotes of your predicate are not escaped, and the string sits between q'[...]'.
One of the reason may be if any one of table column have an underscore(_) in its name . That is considered as invalid characters by the JDBC . Rename the column by a ALTER Command and change in your code SQL , that will fix .
Oracle provide some explanation for ORA-00911. You can got this explanation after executing SQL request in Oracle SQL Developer.
ORA-00911. 00000 - "invalid character"
*Cause: identifiers may not start with any ASCII character other than
letters and numbers. $#_ are also allowed after the first
character. Identifiers enclosed by doublequotes may contain
any character other than a doublequote. Alternative quotes
(q'#...#') cannot use spaces, tabs, or carriage returns as
delimiters. For all other contexts, consult the SQL Language
Reference Manual
But in your case it seems to be double ' character
I'm having a problem with setting up a PreparedStatement to insert a new row into my table. I've tested the query in my SQL editor and it worked succesfully but I can't get this PreparedStatement to work.
String sql = "INSERT INTO table game(gamedate, type, world) values (TIMESTAMP '?', ?, '?');"
runQuery(sql, date, type, world);
...
protected runQuery(String sql, Object... params){
try {
initiateConnection();
PreparedStatement statement = connection.PrepareStatement(sql);
int i = 1;
for (Object p : params){
statement.setObject(i, p);
i++;
}
statement.executeUpdate();
} catch (Exception ex){
} finally {
//close up things
}
}
I added in some println() to test the output and it seemed to all be pretty okay
sql: INSERT INTO game(gamedate, type, world) values(TIMESTAMP '?', ?, '?');
date: 2012-03-13 21:42:14
type: 1
world: test
The error I get is
java.sql.SQLException invalid column index
I'm really quite stumped here. Any idea what's the culprit here?
Two guesses:
you don't need quotes around the question marks. Get rid of those
the TIMESTAMP function might be problematic. Try converting the date to a timestamp before setting it in the prepared statement. (date.getTime() / 1000)
Your SQL statement has only one substitutable placeholder. The ones in single quotes are literal question marks.