Forums Register Login
Using strings within strings to read vars?
Hi all
I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";

Resin keeps saying:

500 Servlet Exception

';' expected
String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";
1 error

Everything else in the class works.

I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";

Is this a valid java statement?

Hint: look at the string marked in bold.
The String sqlStatement is supposed to contain the SQL statement for the mysql database.
The problem is that the parser can't seem to see the content of the local string vars:

If I put the ' ' around fName and the others it reads them as stings and not vars and I end up with firstName = "fName" instead of firstName = fName; as it should.

Try this:

Here I assume that the fields firstName,userName,password,email,userRole all are of type VARCHAR.
Hence I have enclosed these in single quotes.
You my friend are not a green
horn but a Nerd god.

Works perfectly!! Yahoooooooooooo!

You need to separate your variables from the SQL syntax. Try the following and then print ths sqlStatement after it to see that it is correct. For efficiency you could try using StringBuilder or String.format() but get the below statement to work first.

SQL injection.
SQL injection. *yikes*
How do I prevent this? :O

Don't build SQL with unsafe-strings, or use prepared statements.
When I try to use pre-compared statements it fails bigtime:

Is the anyway for me to inspect the pstmt objects contends to be sure it's looks the way it should? :P

Please see ItDoesntWorkIsUseless -- without knowing how it fails, it's a lot more difficult to fix.
The browser indicates the following:

Passwords match.
Welcome Laila.
You may register with this nickname.
You may register with this email.
Preparing statement...

And then it stops.
NB: The DB table has 6 fields beginning with an id AUTO INCREMENT NOT NULL, set by the DB.

Hopes this is enough info.


Nope, it's not. Check your log.

This thread has been viewed 1626 times.

All times above are in ranch (not your local) time.
The current ranch time is
Sep 24, 2018 02:29:59.