Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Syntax error

 
Amritpal Singh Moomie
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI i am trying to write a sql query and storing it in a empty string so that i can execute it later

So it should run like this in the application >> Select * from users where name=? and pass=?;

i have two variable that i have to check from the code with databse.

a string loginname and string password

SO here is what i am doing



But when i run application i am getting this error =(

R You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'shen AND pass= abcd1234' at line 1
 
Matthew Brown
Bartender
Posts: 4567
8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The syntax error is because you haven't got quotes round the strings in your SQL statement.

However, don't do it that way! Use parameterized queries. It solves this problem, and it prevents any nasty security problems (search for "Injection Attack" to see what your current version might be opening itself to).
 
Amritpal Singh Moomie
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks very much
i appreciate

i have one more question

How can i check whether the resultset has any row or not?

like is there any record for such query?
 
Jan Cumps
Bartender
Posts: 2588
11
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That has been answered in your other post:
http://www.coderanch.com/t/512188/JDBC/java/unexpected-output

Good luck.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic