Using strings within strings to read vars?  RSS feed

 
Greenhorn
Posts: 13
Hi all
I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";

Resin keeps saying:

500 Servlet Exception

/Users/username/Downloads/resin-3.1.9/webapps/ROOT/WEB-INF/classes/com/verify/web/VerifyUser.java:76:
';' expected
String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";
^
1 error



Everything else in the class works.



 
Ranch Hand
Posts: 218

I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";



Is this a valid java statement?

Hint: look at the string marked in bold.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The String sqlStatement is supposed to contain the SQL statement for the mysql database.
The problem is that the parser can't seem to see the content of the local string vars:




If I put the ' ' around fName and the others it reads them as strings and not vars and I end up with firstName = "fName" instead of firstName = fName; as it should.


D
 
Ranch Hand
Posts: 44
Try this:



Here I assume that the fields firstName,userName,password,email,userRole all are of type VARCHAR.
Hence I have enclosed these in single quotes.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
You, my friend, are not a greenhorn but a Nerd god.



Works perfectly!! Yahoooooooooooo!


D
 
Rancher
Posts: 618
You need to separate your variables from the SQL syntax. Try the following and then print the sqlStatement after it to see that it is correct. For efficiency you could try using StringBuilder or String.format() but get the below statement to work first.

 
Author
Posts: 12617
SQL injection.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
SQL injection. *yikes*
How do I prevent this? :O


D
 
David Newton
Author
Posts: 12617
Don't build SQL with unsafe strings, or use prepared statements.
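An added example, not code from this thread: it puts the single-quoted concatenation suggested earlier (the version that "works perfectly") beside the prepared-statement version recommended here, and shows why the first one is the SQL injection being warned about. Python's standard-library sqlite3 module stands in for the poster's Java/MySQL JDBC code so it runs with no database server; the same INSERT statement is used, and the table, the "Laila" registration data and the attacker's email value are all constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for the poster's MySQL "user" table: six columns, the
# first an auto-increment id set by the database (as described in the thread).
SCHEMA = """
CREATE TABLE user (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    firstName TEXT NOT NULL,
    userName  TEXT NOT NULL UNIQUE,
    password  TEXT NOT NULL,
    email     TEXT NOT NULL,
    userRole  TEXT NOT NULL
)
"""

# Constructed attacker input for the email field: it closes the quoted value,
# supplies its own userRole, closes the VALUES list and comments out the rest.
EVIL_EMAIL = "x','admin')-- "


def new_db():
    """Fresh in-memory database containing the user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def register_concat(conn, fName, uName, pw, em, userRole):
    """The 'works perfectly' fix from the thread: each value wrapped in single
    quotes and glued into the SQL text. It compiles and runs, but whatever the
    user typed is handed to the database as SQL and parsed as such."""
    sqlStatement = (
        "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ('"
        + fName + "','" + uName + "','" + pw + "','" + em + "','" + userRole + "');"
    )
    conn.execute(sqlStatement)
    conn.commit()
    return sqlStatement  # returned so the caller can print it, as suggested above


def register_prepared(conn, fName, uName, pw, em, userRole):
    """Prepared statement: the SQL text is fixed and holds only placeholders;
    the values travel separately and are never parsed as SQL. JDBC spells the
    same thing as PreparedStatement with setString(1, fName) and so on."""
    sqlStatement = (
        "INSERT INTO user (firstName,userName,password,email,userRole) "
        "VALUES (?,?,?,?,?)"
    )
    conn.execute(sqlStatement, (fName, uName, pw, em, userRole))
    conn.commit()
    return sqlStatement


def roles(conn):
    """userName -> userRole for every stored row."""
    return {name: role for name, role in
            conn.execute("SELECT userName, userRole FROM user")}


def emails(conn):
    """userName -> email for every stored row."""
    return {name: email for name, email in
            conn.execute("SELECT userName, email FROM user")}


def demo():
    """Register the same 'Laila' with the attacker's email both ways and return
    the role each approach actually stored for her."""
    vuln = new_db()
    register_concat(vuln, "Laila", "laila", "s3cret", EVIL_EMAIL, "user")
    safe = new_db()
    register_prepared(safe, "Laila", "laila", "s3cret", EVIL_EMAIL, "user")
    return roles(vuln)["laila"], roles(safe)["laila"]


if __name__ == "__main__":
    print(demo())  # ('admin', 'user')
```

With the concatenated version the registration form's email field decides the row's userRole: the attacker's value turns the `'user'` the code appended into a comment and stores `'admin'` instead, while the email column holds only `x`. With the prepared statement the very same input is stored verbatim as the email and the role stays `user`, which is the behaviour the thread is after.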
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
When I try to use prepared statements it fails bigtime:



Is there any way for me to inspect the pstmt object's contents to be sure it looks the way it should? :P


D
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please see ItDoesntWorkIsUseless -- without knowing how it fails, it's a lot more difficult to fix.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The browser indicates the following:

Passwords match.
Welcome Laila.
You may register with this nickname.
You may register with this email.
Preparing statement...



And then it stops.
NB: The DB table has 6 fields beginning with an id AUTO INCREMENT NOT NULL, set by the DB.



Hope this is enough info.


D


 
David Newton
Author
Posts: 12617
Nope, it's not. Check your log.
 