aspose file tools*
The moose likes JDBC and the fly likes  java.sql.SQLException: ORA-00907: missing right parenthesis Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Databases » JDBC
Bookmark " java.sql.SQLException: ORA-00907: missing right parenthesis " Watch " java.sql.SQLException: ORA-00907: missing right parenthesis " New topic
Author

java.sql.SQLException: ORA-00907: missing right parenthesis

lakshmi gullapudi
Greenhorn

Joined: Mar 18, 2013
Posts: 16
Found vulnerability while scanning the application ..but didn’t find any wrong in query…

Exception in logs:

02 May 2013 23:25:48,843 [SocketListener0-6] ERROR com.xelus.solos.query.Query - Sql Exception thrown when executi
java.sql.SQLException: ORA-00907: missing right parenthesis

at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:114)
at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)
at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:542)
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1311)
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteDescribe(TTC7Protocol.java:595)
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(OracleStatement.java:1600)
at oracle.jdbc.driver.OracleStatement.doExecute(OracleStatement.java:1758)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1807)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:332)
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:283)
at com.bitmechanic.sql.PooledPreparedStatement.executeQuery(PooledPreparedStatement.java:33)
at com.xelus.solos.query.Query.execute(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.validatePdsProductCd(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.isValid(Unknown Source)
at com.xelus.solos.trans.Display1BrTrans.getFilter(Unknown Source)
at sun.reflect.GeneratedMethodAccessor288.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.xelus.solos.trans.TransRunner.execute(Unknown Source)
at com.xelus.solos.servlet.TransServlet.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:616)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
at org.mortbay.jetty.servlet.ServletHandler.dispatch(ServletHandler.java:666)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
at org.mortbay.http.HttpServer.service(HttpServer.java:909)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

--------------------------------------------------------------------------------------------------------------------------------------------------------
Code : ProductLinePrompt.java


private boolean validatePdsProductCd(String pdsCd,
StringBuffer validPdsProductCdFilter,
ResourceBundle productLinePromptBundle)
throws SQLException, ConnectionManagerException,
ObjectNotInDbException, QueryException {
boolean returnValue = true;

SpliByPdsProductCodeQuery query = new SpliByPdsProductCodeQuery();

if (pdsCd != null)
{

query.setParam(SpliByPdsProductCodeQuery.PARAM_PDS_PRODUCT_CDS,
"'" + pdsCd.toUpperCase() + "'");



query.execute();

if (query.hasNext()) {
validPdsProductCdFilter.append(pdsCd.toUpperCase() + " ");
}
else {
// if this is a valid code name but has no associated spli's just ignore it
// don't create an error message
if (!SolosCodeName.isStoredByPdsProductCd(pdsCd.toUpperCase()))
returnValue = false;
}

if (!returnValue) {
Object[] args = {pdsCd};
String msg = productLinePromptBundle.getString("ERROR_MSG_044");
_errorMessageList.add(MessageFormat.format(msg, args));
}

query.close();

}

return returnValue;
}

------------------------------------------------------------------------------------------------------------------------------------------------
Query.Execute()

public void execute() throws QueryException {
long start = System.currentTimeMillis();

try {
if (_con == null) {
// get a connection to use
ConnectionManager connectionManager = ConnectionManager.getInstance();
Connection con = connectionManager.getConnection();
con.setAutoCommit(false);

setConnection(con, true);
}


if (logCat.isDebugEnabled()) {
logCat.debug(getSQL());
logParameters();
}

//If there are parameters then run create a preapared statement to run
//otherwise create a regular statement.
if (_params.size() > 0) {
_pstmt = _con.prepareStatement(getSQL()); //as per logs exception is coming here
postParameters();
_rs = _pstmt.executeQuery();
}
else {
_stmt = _con.createStatement();
_rs = _stmt.executeQuery(getSQL());
}

_hasNext = _rs.next();
}
catch (SQLException e) {
logCat.error("Sql Exception thrown when executing query", e);

close();
throw new QueryException("Sql Exception thrown when executing query",getSQL()); }
catch (ConnectionManagerException e) {
logCat.error("Connection Manager Exception thrown when executing query", e);

close();
throw new QueryException("Connection Manager Exception thrown when executing query",getSQL());
}

if (logCat.isDebugEnabled()) {
logCat.debug ( "Excecution Time in milliseconds: " + Long.toString(System.currentTimeMillis() - start));
}

_isValid = true;
}
---------------------------------------------------------------------------------------------------------------------
getSQL()

protected String getSQL() {
String pdsProductCds = (String) getParam(PARAM_PDS_PRODUCT_CDS);
String sql= "SELECT DISTINCT SCNS." + Consts.FIELD_PRODUCT_LINE_CD + " "
+ "FROM " + Consts.TABLE_SOLOS_CODE_NAME_SPLI + " SCNS "
+ "WHERE SCNS." + Consts.FIELD_PDS_PRODUCT_CD + " IN("
+ pdsProductCds + ") ";

return sql;
}

-----------------------------------------------------------------------

whats wrong in above query and can you please help me how to fix this error.

Martin Vajsar
Sheriff

Joined: Aug 22, 2010
Posts: 3610
    
  60

Welcome to the Ranch!

The "missing right parenthesis" error usually means there is a syntax error in the query. Most often the SQL parser has encountered an unexpected symbol. I'd suggest to print the actual text of the statement to the console or log, and inspect it. It looks like the values passed to it in the IN clause were not escaped properly.

Of course, this needs to be rewritten to use PreparedStatements, as you already know . Unfortunately, using the IN operator is always clumsy with prepared statements.
 
jQuery in Action, 2nd edition
 
subject: java.sql.SQLException: ORA-00907: missing right parenthesis