
Using strings within strings to read vars?

 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
Hi all
I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";

Resin keeps saying:
500 Servlet Exception

/Users/username/Downloads/resin-3.1.9/webapps/ROOT/WEB-INF/classes/com/verify/web/VerifyUser.java:76:
';' expected
String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";
^
1 error


Everything else in the class works.



 
Amol Nayak
Ranch Hand
Posts: 218

I keep getting the same error due to improper parsing of: String sqlStatement = "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ("+fName,uName,pw,em,userRole+");";


Is this a valid java statement?

Hint: look at the string marked in bold.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The String sqlStatement is supposed to contain the SQL statement for the mysql database.
The problem is that the parser can't seem to see the content of the local string vars:




If I put the ' ' around fName and the others it reads them as strings and not vars and I end up with firstName = "fName" instead of firstName = fName; as it should.


D
 
Nilesh Miskin
Ranch Hand
Posts: 44
Try this:



Here I assume that the fields firstName,userName,password,email,userRole all are of type VARCHAR.
Hence I have enclosed these in single quotes.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
You my friend are not a greenhorn but a Nerd god.



Works perfectly!! Yahoooooooooooo!


D
 
Tom Reilly
Rancher
Posts: 618
You need to separate your variables from the SQL syntax. Try the following and then print the sqlStatement after it to see that it is correct. For efficiency you could try using StringBuilder or String.format() but get the below statement to work first.

 
David Newton
Author
Rancher
Posts: 12617
SQL injection.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
SQL injection. *yikes*
How do I prevent this? :O


D
 
David Newton
Author
Rancher
Posts: 12617
Don't build SQL with unsafe strings, or use prepared statements.
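To make the advice in the last few replies concrete, here is an added example (not code from the thread or from any of its posters) that puts the quote-and-concatenate fix side by side with a PreparedStatement using the same five columns. The class name, method names and the sample values are made up for the illustration; the only thing taken from the thread is the INSERT column list.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class RegisterUser {

    // The thread's working fix: every value is pasted into the SQL text between
    // single quotes. The database cannot tell where the literal ends and the
    // SQL resumes, so a value that itself contains a quote changes the query.
    static String buildByConcatenation(String fName, String uName, String pw,
                                       String em, String userRole) {
        return "INSERT INTO user (firstName,userName,password,email,userRole) VALUES ('"
                + fName + "','" + uName + "','" + pw + "','" + em + "','" + userRole + "')";
    }

    // Parameterised form: the SQL text is fixed and the five values are bound
    // to the '?' markers by the driver, which sends them to MySQL as data,
    // never as part of the statement text.
    static final String INSERT_USER =
            "INSERT INTO user (firstName,userName,password,email,userRole) VALUES (?,?,?,?,?)";

    static int insertUser(Connection conn, String fName, String uName, String pw,
                          String em, String userRole) throws SQLException {
        try (PreparedStatement pstmt = conn.prepareStatement(INSERT_USER)) {
            pstmt.setString(1, fName);
            pstmt.setString(2, uName);
            pstmt.setString(3, pw);
            pstmt.setString(4, em);
            pstmt.setString(5, userRole);
            return pstmt.executeUpdate();   // rows inserted: 1 on success
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary surname that happens to contain
        // an apostrophe. No database connection is needed to see the problem.
        String sql = buildByConcatenation("O'Brien", "obrien", "pw", "ob@example.com", "member");
        System.out.println(sql);
        // The text now reads ... VALUES ('O'Brien','obrien', ... which MySQL
        // rejects as a syntax error; insertUser() stores the same value unchanged.
    }
}
```

Printing the concatenated string, as Tom suggests, is also the quickest way to see why it is unsafe: whatever the user typed becomes part of the statement. With the prepared form there is nothing to inspect in the SQL text, because the values never enter it.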
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
When I try to use prepared statements it fails bigtime:



Is there any way for me to inspect the pstmt object's contents to be sure it looks the way it should? :P


D
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
Please see ItDoesntWorkIsUseless -- without knowing how it fails, it's a lot more difficult to fix.
 
Daniel Stege Lindsjo
Greenhorn
Posts: 13
The browser indicates the following:

Passwords match.
Welcome Laila.
You may register with this nickname.
You may register with this email.
Preparing statement...


And then it stops.
NB: The DB table has 6 fields beginning with an id AUTO INCREMENT NOT NULL, set by the DB.



Hope this is enough info.


D


 
David Newton
Author
Rancher
Posts: 12617
Nope, it's not. Check your log.
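An added example, not posted by anyone in the thread, showing what "check your log" looks like in code for the situation described above: the output stops right after "Preparing statement..." because the insert throws a SQLException that nothing reports. The example catches it, prints the SQLSTATE, vendor code and message of every exception in the chain, and reads back the AUTO_INCREMENT id that the table assigns (the thread says the table has six columns with id set by the database, so id is left out of the column list). The JDBC URL, credentials and class name are placeholders, and the code assumes the MySQL Connector/J driver is on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class InsertWithDiagnostics {

    // Six-column table; id is AUTO_INCREMENT, so only the other five are listed.
    static final String INSERT_USER =
            "INSERT INTO user (firstName,userName,password,email,userRole) VALUES (?,?,?,?,?)";

    // Returns the id MySQL assigned to the new row, or throws with full detail.
    static long insertUser(Connection conn, String fName, String uName, String pw,
                           String em, String userRole) throws SQLException {
        try (PreparedStatement pstmt =
                     conn.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS)) {
            pstmt.setString(1, fName);
            pstmt.setString(2, uName);
            pstmt.setString(3, pw);
            pstmt.setString(4, em);
            pstmt.setString(5, userRole);
            System.out.println("Preparing statement...");
            int rows = pstmt.executeUpdate();
            if (rows != 1) {
                throw new SQLException("expected 1 row inserted, got " + rows);
            }
            try (ResultSet keys = pstmt.getGeneratedKeys()) {
                if (!keys.next()) {
                    throw new SQLException("no generated key returned");
                }
                return keys.getLong(1);
            }
        }
    }

    // Every SQLException in the chain carries a SQLSTATE and a vendor code;
    // writing them out is what turns "and then it stops" into a diagnosis.
    static void logSqlFailure(SQLException e) {
        for (SQLException cur = e; cur != null; cur = cur.getNextException()) {
            System.err.printf("SQLState=%s vendorCode=%d message=%s%n",
                    cur.getSQLState(), cur.getErrorCode(), cur.getMessage());
        }
    }

    public static void main(String[] args) {
        // Placeholder connection details, not taken from the thread.
        String url = "jdbc:mysql://localhost:3306/verifydb";
        try (Connection conn = DriverManager.getConnection(url, "dbuser", "dbpassword")) {
            long id = insertUser(conn, "Laila", "laila", "pw", "laila@example.com", "member");
            System.out.println("Inserted user id " + id);
        } catch (SQLException e) {
            logSqlFailure(e);
        }
    }
}
```

Inside a servlet the same uncaught SQLException ends the response and lands in the container's log, which is where Resin would have written the real reason. As for inspecting the statement itself: the JDBC API offers no portable way to see a PreparedStatement with its parameters filled in, but MySQL Connector/J's toString() on the statement object does include the bound values; that is a driver detail, not something to rely on across databases.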
 