Meaningless Drivel is fun!
The moose likes JDBC and Relational Databases and the fly likes query trouble Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Databases » JDBC and Relational Databases
Bookmark "query trouble" Watch "query trouble" New topic

query trouble

Anand Shrivastava
Ranch Hand

Joined: Jul 22, 2007
Posts: 125
kindly see the following code

pgres.otherquery("insert into (authorname) values ('"+jComboBox3.getSelectedItem().toString().trim()+"'");
pgres.otherquery("insert into public.subject (subject) values ('" + jComboBox1.getSelectedItem().toString().trim()+"'");
aset = pgres.selectquery("select authid from where authorname =" + jComboBox3.getSelectedItem());
sset = pgres.selectquery("select sid from public.subject where subject =" + jComboBox1.getSelectedIndex());
try {
pgres.otherquery("insert into public.author_subject values (" + aset.getInt("authorid")+", "+sset.getInt("sid") +")");
catch (Exception E) {System.out.println(E.getMessage());}

it gives the error message syntax error at the end of input. Probably this is the error message returned by the database.

Anand Shrivastava
Ernest Friedman-Hill
author and iconoclast

Joined: Jul 08, 2003
Posts: 24195

Don't do this -- use PreparedStatement. It will handle the quoting for you and whatever mistake you've made here, won't happen. Furthermore, it's far more secure -- code like this leaves you wide open for SQL injection attacks!

I'm moving this to our JDBC forum for any follow-up.

[Jess in Action][AskingGoodQuestions]
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: query trouble
It's not a secret anymore!