
Help needed with error SQLException: ORA-00928: missing SELECT keyword

 
Keshini Weerasuriya
Greenhorn
Posts: 24
Hey.. I'm trying to save some data to an Oracle database. I get the error message saying

SQLException: ORA-00928: missing SELECT keyword

Can you please suggest what could be wrong with the following code?
<%
Connection conn = null;
try
{
    Class.forName("oracle.jdbc.driver.OracleDriver");

    conn = DriverManager.getConnection(
        "jdbc:oracle:thin:scott/tiger@localhost:1521:ora");

    String name = request.getParameter("UName");
    String pword = request.getParameter("Pass");

    Statement stmt = conn.createStatement();
    stmt.executeUpdate("INSERT INTO UserAccount" +
        "VALUES('"+name+"', '"+pword+"')");
}
catch(SQLException e)
{
    out.println("SQLException: " + e.getMessage() + "<BR>");
    while((e = e.getNextException()) != null)
        out.println(e.getMessage() + "<BR>");
}
catch(ClassNotFoundException e)
{
    out.println("ClassNotFoundException: " + e.getMessage() + "<BR>");
}
finally
{
    // Clean up resources, close the connection.
    if(conn != null)
    {
        try
        {
            conn.close();
        }
        catch (Exception ignored) {}
    }
}
%>
 
Randall Floyd
Greenhorn
Posts: 1
Maybe I'm not parsing your INSERT statement correctly, but it looks to me like you will be missing a space between the table name and VALUES clause:

"INSERT INTO UserAccount" + "VALUES...

Will end up being

INSERT INTO UserAccountVALUES

I think you need a space somewhere, like:

"INSERT INTO UserAccount " + "VALUES...
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65111
Please post JDBC questions in the appropriate forum.

Moved to the JDBC forum.
 
stu derby
Ranch Hand
Posts: 333
You need to be using PreparedStatement, instead of Statement.

1) You avoid lots and lots of stupid syntax errors, like the one you just had. And you can support data that has embedded quotes in it, such as the last name of "O'Malley".
2) On Oracle, not using PreparedStatement is the single biggest cause of really really really bad performance when you put your application into production. See:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1993620575194
See also the 2nd or 3rd response, here:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:10128287191505
3) It is very much more secure
http://www.unixwiz.net/techtips/sql-injection.html
and other reasons.
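
Added example, not code from any poster in this thread: the question's INSERT written once with string concatenation and once with a PreparedStatement, run over a few constructed names to show the SQL text each approach hands to the database. The class and method names are hypothetical, the two-column UserAccount table is assumed from the question's INSERT, and the live insert only runs if a JDBC URL, user and password are passed as arguments.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.LinkedHashSet;
import java.util.Set;

public class UserAccountInsert { // hypothetical class name
    // Concatenation as in the question (space before VALUES added):
    // the input becomes part of the SQL text the database has to parse.
    static String concatenatedSql(String name, String pword) {
        return "INSERT INTO UserAccount " + "VALUES('" + name + "', '" + pword + "')";
    }

    // Bind-variable form: the SQL text is constant and the values are sent separately.
    static final String INSERT_SQL = "INSERT INTO UserAccount VALUES (?, ?)";

    static int insertUser(Connection conn, String name, String pword) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, name);   // a quote inside the value stays data
            ps.setString(2, pword);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input, including the quoted name from the thread.
        String[][] users = { {"Smith", "pw1"}, {"O'Malley", "pw2"}, {"Jones", "pw3"} };
        Set<String> concatTexts = new LinkedHashSet<>();
        Set<String> boundTexts = new LinkedHashSet<>();
        for (String[] u : users) {
            concatTexts.add(concatenatedSql(u[0], u[1]));
            boundTexts.add(INSERT_SQL);
        }
        // Every distinct text is a separate statement for the database to parse.
        System.out.println("concatenated: " + concatTexts.size() + " distinct statement text(s)");
        concatTexts.forEach(s -> System.out.println("  " + s));
        System.out.println("prepared: " + boundTexts.size() + " distinct statement text(s)");
        boundTexts.forEach(s -> System.out.println("  " + s));

        // Optional live run: pass JDBC URL, user and password as arguments.
        if (args.length == 3) {
            try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
                for (String[] u : users) {
                    System.out.println(insertUser(conn, u[0], u[1]) + " row(s) inserted for " + u[0]);
                }
            }
        }
    }
}
```

In the concatenated text for O'Malley the apostrophe ends the string literal early, which is the same mechanism the SQL injection article linked above relies on; with bind variables the statement text never changes with the input.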
 