
DB2 SQL Error: SQLCODE=-103

 
Faisal Fuad
Ranch Hand
Posts: 85
Guys, need help to solve this problem. What I am trying to do here is, suppose from an HTML page a user enters something into a textarea and passes submit. From my servlet I am then getting that user-submitted value this way:



Now when I want to run a SQL statement based on this user's input, I am facing a problem.

When I am writing the following SQL statement, everything is fine:



But when I want to use the user's input in the SQL statement like below, I am facing the problem:



The error in my log is as follows:

"DB2 SQL Error: SQLCODE=-103, SQLSTATE=42604, SQLERRMC=1104500000000001FF, DRIVER=4.11.77"

Can anyone please help? How do I write the SQL statement correctly in my type of situation for DB2?
 
Paul Clapham
Sheriff
Posts: 21322
Don't build SQL strings like that. For one thing it's error-prone, as you can see from your own post (I will leave you to google those error codes to find out what you did wrong). For another thing it makes your system liable to SQL injection attacks (I will leave you to google that too, and I strongly advise you to do so.)

Instead, use a PreparedStatement. Like this:

followed by code which sets the parameter values. I'm going to assume that your ID column is a String, in which case you would write:


I believe your ID column is a String because you got an error message; if the column were a String then you would have had to surround the value you were comparing the column to with quotes, and you didn't do that, which would cause an error message. But don't try to fix the code by surrounding the value with quotes, as that isn't a complete fix. First there's the SQL injection issue, and then there's the issue of what happens if the input value already contains a quote. (Hint: you get an error.) PreparedStatement takes care of all of that for you. Use it.
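
The approach in the answer above, as an added example that is not code from either poster: the table and column names (MYTABLE, ID, NAME) and the class and method names are hypothetical, since the thread's own queries are not shown. DB2 reports SQLCODE -103 (SQLSTATE 42604) for an invalid numeric literal, which is how an unquoted value such as 1104500000000001FF is read once it is concatenated into the statement text.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LookupById {
    // Hypothetical table and column names; the original query is not shown in the thread.
    private static final String SQL = "SELECT ID, NAME FROM MYTABLE WHERE ID = ?";

    // What string concatenation hands to the database; kept only to show the failure.
    static String concatenated(String id) {
        return "SELECT ID, NAME FROM MYTABLE WHERE ID = " + id;
    }

    // The value is bound as data, so quotes or SQL keywords in it cannot change the statement.
    static String findName(Connection con, String id) throws SQLException {
        if (id == null || id.trim().isEmpty()) {
            return null; // nothing was submitted in the textarea
        }
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, id.trim()); // assumes ID is a character column
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("NAME") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample inputs: the token from the error message, a value
        // containing a quote, and a value containing SQL keywords.
        String[] samples = { "1104500000000001FF", "O'Brien", "1 OR 1=1" };
        for (String s : samples) {
            // Each of these is parsed as SQL text, not as a value.
            System.out.println(concatenated(s));
        }
        if (args.length == 3) { // JDBC URL, user, password of a reachable database
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                for (String s : samples) {
                    System.out.println(s + " -> " + findName(con, s));
                }
            }
        }
    }
}
```

Run without arguments it only prints the concatenated statements; with a JDBC URL, user and password (and the driver on the classpath) it also runs the bound query for each sample.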
 
Faisal Fuad
Ranch Hand
Posts: 85
Guess what Paul, after reading such a wonderful reply of yours I thought I must do it your way......and.......I did it !!! Wonderful man...I learned a great thing just because of you. This is why a learned person is always different and unique from others. They know how to motivate people, they know how to talk to people in a way so they can easily understand. God bless you man.

Always be unique like the way you are. Best wishes
 