| Author |
Syntax error
|
Amritpal Singh Moomie
Ranch Hand
Joined: Sep 24, 2010
Posts: 32
|
|
Hi, I am trying to write a SQL query and store it in an empty string so that I can execute it later.
So it should run like this in the application >> Select * from users where name=? and pass=?;
I have two variables that I have to check from the code with the database:
a string loginname and a string password.
So here is what I am doing.
But when I run the application I am getting this error =(
R You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'shen AND pass= abcd1234' at line 1
|
 |
Matthew Brown
Bartender
Joined: Apr 06, 2010
Posts: 3791
|
|
The syntax error is because you haven't got quotes round the strings in your SQL statement.
However, don't do it that way! Use parameterized queries. It solves this problem, and it prevents any nasty security problems (search for "Injection Attack" to see what your current version might be opening itself to).
|
 |
Amritpal Singh Moomie
Ranch Hand
Joined: Sep 24, 2010
Posts: 32
|
|
Thanks very much,
I appreciate it.
I have one more question:
How can I check whether the resultset has any rows or not?
Like, is there any record for such a query?
|
 |
Jan Cumps
Bartender
Joined: Dec 20, 2006
Posts: 2343
|
|
That has been answered in your other post:
http://www.coderanch.com/t/512188/JDBC/java/unexpected-output
Good luck.
|
OCUP UML fundamental
ITIL foundation
|
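An added example, not code from any poster in this thread: it puts the unquoted and quoted string-built queries beside the parameterized form recommended above, and shows one way to tell whether the result set has a row. It assumes Python's built-in sqlite3 with an in-memory table instead of JDBC and MySQL so that it runs without a server; the table contents, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the thread's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("amrit shen", "abcd1234"))
    return db

def login_unquoted(db, name, password):
    # Values pasted in without quotes: the parser sees bare words, not strings.
    sql = "SELECT * FROM users WHERE name=" + name + " AND pass=" + password
    return db.execute(sql).fetchone() is not None

def login_quoted(db, name, password):
    # Quotes cure the syntax error, but a quote inside the input still
    # rewrites the statement, so this form stays injectable.
    sql = ("SELECT * FROM users WHERE name='" + name +
           "' AND pass='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    # Placeholders send the values separately from the SQL text.
    sql = "SELECT * FROM users WHERE name=? AND pass=?"
    row = db.execute(sql, (name, password)).fetchone()
    return row is not None  # None means the result set was empty

def demo():
    db = make_db()
    out = {}
    try:
        out["unquoted"] = login_unquoted(db, "amrit shen", "abcd1234")
    except sqlite3.OperationalError as exc:
        out["unquoted"] = "rejected: %s" % exc
    crafted = "' OR '1'='1"  # constructed input containing quote characters
    out["quoted_crafted"] = login_quoted(db, "nobody", crafted)
    out["param_crafted"] = login_parameterized(db, "nobody", crafted)
    out["param_valid"] = login_parameterized(db, "amrit shen", "abcd1234")
    out["param_wrong_pass"] = login_parameterized(db, "amrit shen", "nope")
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In JDBC the same pattern is a `PreparedStatement` with `setString` for each `?`, and `ResultSet.next()` returning false plays the role of `fetchone()` returning `None`.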