java.sql.SQLException: ORA-00907: missing right parenthesis

lakshmi gullapudi

Joined: Mar 18, 2013
Posts: 16
Found a vulnerability while scanning the application, but didn't find anything wrong in the query…

Exception in logs:

02 May 2013 23:25:48,843 [SocketListener0-6] ERROR com.xelus.solos.query.Query - Sql Exception thrown when executi
java.sql.SQLException: ORA-00907: missing right parenthesis

at oracle.jdbc.dbaccess.DBError.throwSqlException(
at oracle.jdbc.ttc7.TTIoer.processError(
at oracle.jdbc.ttc7.Oall7.receive(
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteDescribe(
at oracle.jdbc.driver.OracleStatement.doExecuteQuery(
at oracle.jdbc.driver.OracleStatement.doExecute(
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(
at com.bitmechanic.sql.PooledPreparedStatement.executeQuery(
at com.xelus.solos.query.Query.execute(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.validatePdsProductCd(Unknown Source)
at com.xelus.solos.trans.ProductLinePrompt.isValid(Unknown Source)
at com.xelus.solos.trans.Display1BrTrans.getFilter(Unknown Source)
at sun.reflect.GeneratedMethodAccessor288.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at com.xelus.solos.trans.TransRunner.execute(Unknown Source)
at com.xelus.solos.servlet.TransServlet.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at org.mortbay.jetty.servlet.ServletHolder.handle(
at org.mortbay.jetty.servlet.ServletHandler.dispatch(
at org.mortbay.jetty.servlet.ServletHandler.handle(
at org.mortbay.http.HttpContext.handle(
at org.mortbay.http.HttpContext.handle(
at org.mortbay.http.HttpServer.service(
at org.mortbay.http.HttpConnection.service(
at org.mortbay.http.HttpConnection.handleNext(
at org.mortbay.http.HttpConnection.handle(
at org.mortbay.http.SocketListener.handleConnection(
at org.mortbay.util.ThreadedServer.handle(
at org.mortbay.util.ThreadPool$

Code :

private boolean validatePdsProductCd(String pdsCd,
                                     StringBuffer validPdsProductCdFilter,
                                     ResourceBundle productLinePromptBundle)
        throws SQLException, ConnectionManagerException,
               ObjectNotInDbException, QueryException {
    boolean returnValue = true;

    SpliByPdsProductCodeQuery query = new SpliByPdsProductCodeQuery();

    if (pdsCd != null)

    "'" + pdsCd.toUpperCase() + "'");


    if (query.hasNext()) {
        validPdsProductCdFilter.append(pdsCd.toUpperCase() + " ");
    } else {
        // if this is a valid code name but has no associated spli's just ignore it
        // don't create an error message
        if (!SolosCodeName.isStoredByPdsProductCd(pdsCd.toUpperCase()))
            returnValue = false;
    }

    if (!returnValue) {
        Object[] args = {pdsCd};
        String msg = productLinePromptBundle.getString("ERROR_MSG_044");
        _errorMessageList.add(MessageFormat.format(msg, args));
    }

    return returnValue;
}

public void execute() throws QueryException {
    long start = System.currentTimeMillis();

    try {
        if (_con == null) {
            // get a connection to use
            ConnectionManager connectionManager = ConnectionManager.getInstance();
            Connection con = connectionManager.getConnection();

            setConnection(con, true);
        }

        if (logCat.isDebugEnabled()) {
        }

        // If there are parameters then create a prepared statement to run,
        // otherwise create a regular statement.
        if (_params.size() > 0) {
            _pstmt = _con.prepareStatement(getSQL()); //as per logs exception is coming here
            _rs = _pstmt.executeQuery();
        } else {
            _stmt = _con.createStatement();
            _rs = _stmt.executeQuery(getSQL());
        }

        _hasNext =;
    } catch (SQLException e) {
        logCat.error("Sql Exception thrown when executing query", e);

        throw new QueryException("Sql Exception thrown when executing query", getSQL());
    } catch (ConnectionManagerException e) {
        logCat.error("Connection Manager Exception thrown when executing query", e);

        throw new QueryException("Connection Manager Exception thrown when executing query", getSQL());
    }

    if (logCat.isDebugEnabled()) {
        logCat.debug("Excecution Time in milliseconds: " + Long.toString(System.currentTimeMillis() - start));
    }

    _isValid = true;
}

protected String getSQL() {
    String pdsProductCds = (String) getParam(PARAM_PDS_PRODUCT_CDS);
    + pdsProductCds + ") ";

    return sql;
}


What's wrong in the above query, and can you please help me fix this error?

Martin Vajsar

Joined: Aug 22, 2010
Posts: 3733

Welcome to the Ranch!

The "missing right parenthesis" error usually means there is a syntax error in the query. Most often the SQL parser has encountered an unexpected symbol. I'd suggest printing the actual text of the statement to the console or log and inspecting it. It looks like the values passed to it in the IN clause were not escaped properly.

Of course, this needs to be rewritten to use PreparedStatements, as you already know. Unfortunately, using the IN operator is always clumsy with prepared statements.
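
Added example, not part of the original thread or the poster's code base: one common way to use the IN operator with a PreparedStatement is to generate one placeholder per value and bind each value separately, shown next to the concatenation pattern from the post. The class name `InClauseExample`, the table `spli` and the column `pds_product_cd` are assumptions, since the post's actual SQL text is not shown.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Collections;
import java.util.List;

public class InClauseExample {
    // Hypothetical table and column names; the real query text is not in the post.
    private static final String BASE =
            "SELECT pds_product_cd FROM spli WHERE pds_product_cd IN (";

    // The pattern from the post: the quoted value is pasted into the SQL text,
    // so a quote or parenthesis in the input changes what the parser sees.
    static String concatenated(String pdsCd) {
        return BASE + "'" + pdsCd.toUpperCase() + "'" + ") ";
    }

    // One '?' per value: the SQL text depends only on how many values there are.
    static String parameterized(int count) {
        if (count < 1) {
            throw new IllegalArgumentException("IN list needs at least one value");
        }
        return BASE + String.join(", ", Collections.nCopies(count, "?")) + ")";
    }

    // Binds each code as data; the caller closes the statement (try-with-resources).
    static PreparedStatement prepare(Connection con, List<String> codes)
            throws SQLException {
        PreparedStatement ps = con.prepareStatement(parameterized(codes.size()));
        for (int i = 0; i < codes.size(); i++) {
            ps.setString(i + 1, codes.get(i).toUpperCase());
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed input with a stray quote, as a scanner or a typo might send.
        String probe = "ab'cd";
        System.out.println(concatenated(probe));  // literal ends early: ... IN ('AB'CD')
        System.out.println(parameterized(2));     // ... IN (?, ?) whatever the values are
    }
}
```

Oracle limits an IN list to 1000 expressions, so longer lists need to be split into batches or loaded into a temporary table and joined.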