Using strings within strings to read vars?

 
Greenhorn
Posts: 13
Hi all
I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";

Resin keeps saying:

500 Servlet Exception

/Users/username/Downloads/resin-3.1.9/webapps/ROOT/WEB-INF/classes/com/verify/web/VerifyUser.java:76:
';' expected
String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";
^
1 error



Everything else in the class works.



 
Ranch Hand
Posts: 218

I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";



Is this a valid java statement?

Hint: look at the string marked in bold.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The String sqlStatement is supposed to contain the SQL statement for the mysql database.
The problem is that the parser can't seem to see the content of the local string vars:




If I put the ' ' around fName and the others it reads them as strings and not vars, and I end up with firstName = "fName" instead of firstName = fName, as it should be.


D
 
Ranch Hand
Posts: 44
Try this:



Here I assume that the fields firstName,userName,password,email,userRole all are of type VARCHAR.
Hence I have enclosed these in single quotes.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
You, my friend, are not a greenhorn but a Nerd god.



Works perfectly!! Yahoooooooooooo!


D
 
Rancher
Posts: 618
You need to separate your variables from the SQL syntax. Try the following and then print the sqlStatement after it to see that it is correct. For efficiency you could try using StringBuilder or String.format(), but get the below statement to work first.

 
Author
Posts: 12617
SQL injection.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
SQL injection. *yikes*
How do I prevent this? :O


D
 
David Newton
Author
Posts: 12617
Don't build SQL with unsafe strings; use prepared statements.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
When I try to use prepared statements it fails big time:



Is there any way for me to inspect the pstmt object's contents to be sure it looks the way it should? :P


D
 
David Newton
Author
Please see ItDoesntWorkIsUseless -- without knowing how it fails, it's a lot more difficult to fix.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The browser indicates the following:

Passwords match.
Welcome Laila.
You may register with this nickname.
You may register with this email.
Preparing statement...



And then it stops.
NB: The DB table has 6 fields beginning with an id AUTO INCREMENT NOT NULL, set by the DB.



Hope this is enough info.


D


 
David Newton
Author
Posts: 12617
Nope, it's not. Check your log.
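Added example, not code posted by anyone in this thread. It puts the two points raised above side by side: why the concatenated INSERT that "works perfectly" is open to SQL injection, and how the same INSERT looks as a PreparedStatement with the failure logged instead of ending at "Preparing statement...". It assumes a MySQL table `user` with an auto-increment id plus the five VARCHAR columns named in the thread; the JDBC URL, credentials and the `UserInsertExample` class name are placeholders of mine, and the MySQL Connector/J driver has to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Added example (not from the thread). Assumes a MySQL table
 *   user(id AUTO_INCREMENT, firstName, userName, password, email, userRole)
 * with the five named columns as VARCHAR. URL and credentials are placeholders.
 */
public class UserInsertExample {

    private static final Logger LOG = Logger.getLogger(UserInsertExample.class.getName());

    /** The thread's "working" version: user input spliced into the SQL text. */
    static String buildUnsafeInsert(String fName, String uName, String pw, String em, String userRole) {
        return "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ('"
                + fName + "','" + uName + "','" + pw + "','" + em + "','" + userRole + "')";
    }

    /** Hardened version: the SQL text is fixed, the values travel as bound parameters. */
    static int insertUser(Connection conn, String fName, String uName, String pw, String em, String userRole)
            throws SQLException {
        String sql = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES (?,?,?,?,?)";
        // try-with-resources closes the statement even if executeUpdate throws
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, fName);
            pstmt.setString(2, uName);
            pstmt.setString(3, pw);
            pstmt.setString(4, em);
            pstmt.setString(5, userRole);
            return pstmt.executeUpdate();   // number of rows inserted, 1 on success
        }
    }

    public static void main(String[] args) {
        // 1. An ordinary surname is enough to break the concatenated statement.
        System.out.println(buildUnsafeInsert("Conan", "conan", "secret", "c@example.com", "user"));
        System.out.println(buildUnsafeInsert("O'Brien", "obrien", "secret", "o@example.com", "user"));
        // The second line contains VALUES ('O'Brien',... : the apostrophe closes the
        // literal early and everything after it is parsed as SQL. Whoever controls
        // the input therefore controls the statement, including the userRole column.

        // 2. The prepared statement sends the same input as data only.
        String url = "jdbc:mysql://localhost:3306/verifydb";   // placeholder, adjust to your database
        try (Connection conn = DriverManager.getConnection(url, "dbuser", "dbpass")) {
            int rows = insertUser(conn, "O'Brien", "obrien", "secret", "o@example.com", "user");
            System.out.println("Inserted rows: " + rows);
        } catch (SQLException e) {
            // Log the real cause with its SQLState and vendor code; a bare
            // "Preparing statement..." message tells you nothing about the failure.
            LOG.log(Level.SEVERE,
                    "INSERT failed: SQLState=" + e.getSQLState() + " errorCode=" + e.getErrorCode(), e);
        }
    }
}
```

On the question of inspecting the pstmt object: JDBC has no portable way to show a prepared statement with its parameters filled in, because the values never become part of the SQL text. Log the SQL template and the parameter values yourself before executeUpdate(), and always catch SQLException and log it with the stack trace, which is what "Check your log" means here. Some drivers happen to print the bound values from toString(), but that is driver-specific and not something to rely on. Separately, the thread inserts the password as typed; in practice store a password hash in that column, never the password itself.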
 