aspose file tools*
The moose likes JDBC and the fly likes Help needed with error SQLException: ORA-00928: missing SELECT keyword Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "Help needed with error SQLException: ORA-00928: missing SELECT keyword " Watch "Help needed with error SQLException: ORA-00928: missing SELECT keyword " New topic
Author

Help needed with error SQLException: ORA-00928: missing SELECT keyword

Keshini Weerasuriya
Greenhorn

Joined: Jan 08, 2006
Posts: 24
Hey.. I'm trying to save some data to an oracle database. I get the error message saying

SQLException: ORA-00928: missing SELECT keyword

Can u pls suggest what could be wrong with the following code?
<%
Connection conn = null;
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");

conn = DriverManager.getConnection(
"jdbc racle:thin:scott/tiger@localhost:1521 ra");

String name = request.getParameter( "UName" );
String pword = request.getParameter("Pass");

Statement stmt = conn.createStatement();
stmt.executeUpdate("INSERT INTO UserAccount" +
"VALUES('"+name+"', '"+pword+"')");

}
catch(SQLException e)
{
out.println("SQLException: " + e.getMessage() + "<BR>");
while((e = e.getNextException()) != null)
out.println(e.getMessage() + "<BR>");
}
catch(ClassNotFoundException e)
{
out.println("ClassNotFoundException: " + e.getMessage() + "<BR>");
}
finally
{
//Clean up resources, close the connection.
if(conn != null)
{
try
{
conn.close();
}
catch (Exception ignored) {}
}
}
%>
Randall Floyd
Greenhorn

Joined: May 31, 2006
Posts: 1
Maybe I'm not parsing your INSERT statement correctly, but it looks to me like you will be missing a space between the table name and VALUES clause:

"INSERT INTO UserAccount" + "VALUES...

Will end up being

INSERT INTO UserAccountVALUES

I think you need a space somewhere, like:

"INSERT INTO UserAccount " + "VALUES...
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61761
    
  67

Please post JDBC questions in the approriate forum.

Moved to the JDBC forum.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
stu derby
Ranch Hand

Joined: Dec 15, 2005
Posts: 333
You need to be using PreparedStatement, instead of Statement.

1) You avoid lots and lots of stupid syntax errors, like the one you just had. And you can support data that has embedded quotes in them, such as the last name of "O'Malley".
2) On Oracle, not using PreparedStatement is the single biggest cause of really really really bad performance when you put your application into production. See:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1993620575194
See also the 2nd or 3rd response, here:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:10128287191505
3) It is very much more secure
http://www.unixwiz.net/techtips/sql-injection.html
and other reasons.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Help needed with error SQLException: ORA-00928: missing SELECT keyword