java.sql.SQLException: ORA-00907: missing right parenthesis

lakshmi gullapudi
Posts: 16
Found a vulnerability while scanning the application, but didn't find anything wrong in the query…

Exception in logs:

02 May 2013 23:25:48,843 [SocketListener0-6] ERROR com.xelus.solos.query.Query - Sql Exception thrown when executi
java.sql.SQLException: ORA-00907: missing right parenthesis

at oracle.jdbc.dbaccess.DBError.throwSqlException(
at oracle.jdbc.ttc7.TTIoer.processError(
at oracle.jdbc.ttc7.Oall7.receive(
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteDescribe(
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(
at oracle.jdbc.driver.OracleStatement.doExecute(
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(
at com.bitmechanic.sql.PooledPreparedStatement.executeQuery(
at com.xelus.solos.query.Query.execute(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.validatePdsProductCd(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.isValid(Unknown Source)
at com.xelus.solos.trans.Display1BrTrans.getFilter(Unknown Source)
at sun.reflect.GeneratedMethodAccessor288.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at com.xelus.solos.trans.TransRunner.execute(Unknown Source)
at com.xelus.solos.servlet.TransServlet.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at org.mortbay.jetty.servlet.ServletHolder.handle(
at org.mortbay.jetty.servlet.ServletHandler.dispatch(
at org.mortbay.jetty.servlet.ServletHandler.handle(
at org.mortbay.http.HttpContext.handle(
at org.mortbay.http.HttpContext.handle(
at org.mortbay.http.HttpServer.service(
at org.mortbay.http.HttpConnection.service(
at org.mortbay.http.HttpConnection.handleNext(
at org.mortbay.http.HttpConnection.handle(
at org.mortbay.http.SocketListener.handleConnection(
at org.mortbay.util.ThreadedServer.handle(
at org.mortbay.util.ThreadPool$

Code :

private boolean validatePdsProductCd(String pdsCd,
        StringBuffer validPdsProductCdFilter,
        ResourceBundle productLinePromptBundle)
        throws SQLException, ConnectionManagerException,
        ObjectNotInDbException, QueryException {
    boolean returnValue = true;

    SpliByPdsProductCodeQuery query = new SpliByPdsProductCodeQuery();

    if (pdsCd != null)

    "'" + pdsCd.toUpperCase() + "'");


    if (query.hasNext()) {
        validPdsProductCdFilter.append(pdsCd.toUpperCase() + " ");
    } else {
        // if this is a valid code name but has no associated spli's just ignore it
        // don't create an error message
        if (!SolosCodeName.isStoredByPdsProductCd(pdsCd.toUpperCase()))
            returnValue = false;
    }

    if (!returnValue) {
        Object[] args = {pdsCd};
        String msg = productLinePromptBundle.getString("ERROR_MSG_044");
        _errorMessageList.add(MessageFormat.format(msg, args));
    }

    return returnValue;
}


public void execute() throws QueryException {
    long start = System.currentTimeMillis();

    try {
        if (_con == null) {
            // get a connection to use
            ConnectionManager connectionManager = ConnectionManager.getInstance();
            Connection con = connectionManager.getConnection();

            setConnection(con, true);
        }

        if (logCat.isDebugEnabled()) {

        }

        // If there are parameters then create a prepared statement to run,
        // otherwise create a regular statement.
        if (_params.size() > 0) {
            _pstmt = _con.prepareStatement(getSQL()); //as per logs exception is coming here
            _rs = _pstmt.executeQuery();
        } else {
            _stmt = _con.createStatement();
            _rs = _stmt.executeQuery(getSQL());
        }

        _hasNext =;
    } catch (SQLException e) {
        logCat.error("Sql Exception thrown when executing query", e);

        throw new QueryException("Sql Exception thrown when executing query", getSQL());
    } catch (ConnectionManagerException e) {
        logCat.error("Connection Manager Exception thrown when executing query", e);

        throw new QueryException("Connection Manager Exception thrown when executing query", getSQL());
    }

    if (logCat.isDebugEnabled()) {
        logCat.debug("Excecution Time in milliseconds: " + Long.toString(System.currentTimeMillis() - start));
    }

    _isValid = true;
}

protected String getSQL() {
    String pdsProductCds = (String) getParam(PARAM_PDS_PRODUCT_CDS);
    + pdsProductCds + ") ";

    return sql;
}


What's wrong in the above query, and can you please help me fix this error?

Martin Vajsar
Posts: 3752
Welcome to the Ranch!

The "missing right parenthesis" error usually means there is a syntax error in the query. Most often the SQL parser has encountered an unexpected symbol. I'd suggest printing the actual text of the statement to the console or log, and inspecting it. It looks like the values passed to it in the IN clause were not escaped properly.

Of course, this needs to be rewritten to use PreparedStatements, as you already know. Unfortunately, using the IN operator is always clumsy with prepared statements.
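
The rewrite suggested in the reply above, as an added example that is not part of the original thread or the poster's code base: an IN list built from one `?` placeholder per value, with every value bound through `setString`. The class name, the table `spli_example` and the column `pds_product_cd` are hypothetical, since the post does not show the original query text; the sample codes are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class InClauseExample {
    // Hypothetical table and column; the original query text is not shown in the post.
    static final String BASE = "SELECT pds_product_cd FROM spli_example WHERE pds_product_cd IN (";
    static final int ORACLE_IN_LIMIT = 1000; // Oracle rejects longer lists with ORA-01795

    // Build "... IN (?, ?, ?)" with one placeholder per value; no input data enters the SQL text.
    static String buildSql(int count) {
        if (count < 1 || count > ORACLE_IN_LIMIT) {
            throw new IllegalArgumentException("IN list size must be 1.." + ORACLE_IN_LIMIT);
        }
        return BASE + String.join(", ", Collections.nCopies(count, "?")) + ")";
    }

    // Bind every code as data; JDBC parameter indexes start at 1.
    static List<String> findCodes(Connection con, List<String> codes) throws SQLException {
        List<String> found = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(buildSql(codes.size()))) {
            for (int i = 0; i < codes.size(); i++) {
                ps.setString(i + 1, codes.get(i).toUpperCase());
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    found.add(rs.getString(1));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample input: the second value contains an apostrophe.
        List<String> codes = List.of("ab12", "o'neil");
        // Concatenation as in the post: the apostrophe ends the string literal early,
        // so the statement no longer parses as intended.
        String concatenated = BASE + "'" + String.join("', '", codes).toUpperCase() + "')";
        System.out.println("concatenated: " + concatenated);
        // Placeholder form: the SQL text is identical for any input values.
        System.out.println("placeholders: " + buildSql(codes.size()));
    }
}
```

`main` only prints the two statement texts so it runs without a database; `findCodes` needs a live JDBC `Connection`.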