DB2 SQL Error: SQLCODE=-103

Faisal Fuad
Ranch Hand

Joined: Jul 05, 2011
Posts: 79

Guys, I need help to solve this problem. What I am trying to do here is, suppose from an HTML page a user enters something into a textarea and passes submit. From my servlet I am then getting that user-submitted value this way:



Now when I want to run a SQL statement based on this user's input, I am facing a problem.

When I write the following SQL statement, everything is fine:



But when I want to use the user's input in the SQL statement like below, I face the problem:



The error in my log is as follows:

"DB2 SQL Error: SQLCODE=-103, SQLSTATE=42604, SQLERRMC=1104500000000001FF, DRIVER=4.11.77"

Can anyone please help? How do I write the SQL statement correctly in my type of situation for DB2?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

Don't build SQL strings like that. For one thing it's error-prone, as you can see from your own post (I will leave you to google those error codes to find out what you did wrong). For another thing it makes your system liable to SQL injection attacks (I will leave you to google that too, and I strongly advise you to do so.)

Instead, use a PreparedStatement. Like this:

followed by code which sets the parameter values. I'm going to assume that your ID column is a String, in which case you would write:


I believe your ID column is a String because you got an error message; if the column were a String then you would have had to surround the value you were comparing the column to with quotes, and you didn't do that, which would cause an error message. But don't try to fix the code by surrounding the value with quotes, as that isn't a complete fix. First there's the SQL injection issue, and then there's the issue of what happens if the input value already contains a quote. (Hint: you get an error.) PreparedStatement takes care of all of that for you. Use it.
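The PreparedStatement approach from the reply above, as an added example that is not code from the thread. The ACCOUNTS table, its ID and NAME columns, the class name and the JDBC connection arguments are assumptions; the first sample input is the token from the poster's error message, which DB2 rejected as an invalid numeric literal (SQLCODE -103) when it was concatenated unquoted.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LookupById {
    // Hypothetical table and column names: the thread's own SQL is not shown on the page.
    private static final String SQL = "SELECT NAME FROM ACCOUNTS WHERE ID = ?";

    // Returns NAME for every row whose ID equals the submitted text, bound as data.
    static List<String> findNames(Connection con, String submitted) throws SQLException {
        List<String> names = new ArrayList<>();
        // request.getParameter() returns null when the field is missing from the form.
        if (submitted == null || submitted.trim().isEmpty()) {
            return names;
        }
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, submitted.trim()); // value travels separately from the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("NAME"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws SQLException {
        // Assumed arguments: JDBC URL, user, password. Inputs are constructed samples.
        String[] inputs = { "1104500000000001FF", "O'Brien" };
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            for (String in : inputs) {
                // Shown for comparison only, never executed: the text concatenation would send.
                System.out.println("concatenated: ... WHERE ID = " + in);
                System.out.println("bound result: " + findNames(con, in));
            }
        }
    }
}
```

With binding, neither the missing quotes around the first value nor the embedded quote in the second reaches the SQL parser, so both run as ordinary string comparisons.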
Faisal Fuad
Ranch Hand

Joined: Jul 05, 2011
Posts: 79

Guess what Paul, after reading such a wonderful reply of yours I thought I must do so in your way......and.......I did it !!! Wonderful man...I learned a great thing just because of you. This is why a learned person is always different and unique than others. They know how to motivate people, they know how to talk to people in a way so they easily can understand. God bless you man.

Always be unique like the way you are. Best wishes
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: DB2 SQL Error: SQLCODE=-103