
Java MySQL check if value exists in database

I am trying to check if a specific value already exists in my database. I am accessing the database from a Java standalone app using JDBC (queries for inserting records into the db work, so my setup and connection are ok).

String queryCheck = "SELECT * from messages WHERE msgid = " + msgid;
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(queryCheck); // execute the query, and get a java resultset

// if this ID already exists, we quit
if(rs.absolute(1)) {
     conn.close();
     return;
}

I am getting this error (there is apparently something wrong with my SQL syntax):

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd-f05708071f8f' at line 1

However, if I try to execute this command in my MySQL command line, it works! Can you tell me what's wrong with my statement? Thanks for any tips!

You need to wrap a String in quotes in MySQL, so the query needs to be

SELECT * from messages WHERE msgid = 'd-f05708071f8f';

Not

SELECT * from messages WHERE msgid = d-f05708071f8f;

So the code should read

String queryCheck = "SELECT * from messages WHERE msgid = '" + msgid + "'";

I would suggest using a PreparedStatement to avoid these sorts of issues and any risk of SQL injection:

final String queryCheck = "SELECT * from messages WHERE msgid = ?";
final PreparedStatement ps = conn.prepareStatement(queryCheck);
ps.setString(1, msgid);
final ResultSet resultSet = ps.executeQuery();

Using string concatenation for query building is considered very bad practice. It has been for a long time now.

Further, I would suggest using select count(*) rather than the full select * as this returns much less data (think of the size of the ResultSet) and MySQL can optimise it too.

final String queryCheck = "SELECT count(*) from messages WHERE msgid = ?";
final PreparedStatement ps = conn.prepareStatement(queryCheck);
ps.setString(1, msgid);
final ResultSet resultSet = ps.executeQuery();
if(resultSet.next()) {
    final int count = resultSet.getInt(1);
}

You need to use bind variables.

PreparedStatement st = conn.prepareStatement(
    "SELECT * from messages WHERE msgid = ?");
st.setString(1, msgid);
// the SQL was already supplied to prepareStatement(); PreparedStatement.executeQuery() takes no argument
ResultSet rs = st.executeQuery();

Or get into manual quoting, but that is risky.

In addition to preventing SQL injection, prepared statements should also improve performance if you run the same query repeatedly.
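The point the answers above make, as an added example (not code from the question or any answer): a bound parameter is sent as data, so a legitimate msgid that happens to contain a single quote is looked up correctly, while the concatenated form turns that same value into broken SQL. It assumes a JDBC URL for a database containing the question's messages table is passed as the first argument.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLSyntaxErrorException;
import java.sql.Statement;

public class MessageExistsCheck {

    // Hardened check: the value is bound, so the driver transmits it as data and it
    // never becomes part of the SQL text. LIMIT 1 stops the scan at the first hit.
    static boolean messageExists(Connection conn, String msgid) throws SQLException {
        String sql = "SELECT 1 FROM messages WHERE msgid = ? LIMIT 1";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, msgid);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // a row came back, so the id exists
            }
        }
    }

    // The question's approach (string concatenation), kept only for contrast.
    static boolean messageExistsConcat(Connection conn, String msgid) throws SQLException {
        String sql = "SELECT 1 FROM messages WHERE msgid = '" + msgid + "' LIMIT 1";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL such as jdbc:mysql://localhost/test?user=...&password=...
        // and the 'messages' table from the question already exists there.
        String msgid = "d-f05'708071f8f"; // constructed sample: an id containing a single quote
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println("bound:  exists=" + messageExists(conn, msgid));
            try {
                System.out.println("concat: exists=" + messageExistsConcat(conn, msgid));
            } catch (SQLSyntaxErrorException e) {
                // The quote inside the value terminated the literal early: the value was parsed as SQL,
                // which is the same class of failure as the error in the question.
                System.out.println("concat: syntax error -> " + e.getMessage());
            }
        }
    }
}
```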

Since msgid is a varchar you need to surround the value in the where clause with single quotes.

String queryCheck = "SELECT * from messages WHERE msgid = '" + msgid + "'";

Dynamically generating SQL strings is not recommended, however, since it can expose your application to SQL injection.

Instead use a PreparedStatement:

String queryCheck = "SELECT * from messages WHERE msgid = ?";
PreparedStatement st = conn.prepareStatement(queryCheck);
st.setString(1, msgid);
ResultSet rs = st.executeQuery();

Use single quotes around the parameter:

"SELECT * FROM messages WHERE msgid = '" + msgid + "'";

Or better, use prepared statements.

You can try this:

String queryCheck = "SELECT * from messages WHERE msgid = '" + msgid + "'";

You have missed the quotes around msgid. (I'm assuming that msgid is a String and not an Integer value.)

You need to use single quotes

SELECT * from messages WHERE msgid = 'd-f05708071f8f';

String sql1 ="SELECT Time FROM monday_wednesday WHERE Time ='"+time.getSelectedItem()+"'";
pst=con.prepareStatement(sql1);
rs=pst.executeQuery();
if(rs.next()) {
    if(rs.getString("Time").equals(time.getSelectedItem())) {
        JOptionPane.showMessageDialog(null,"Time is already taken","",JOptionPane.INFORMATION_MESSAGE); 
    }
} else {
    String sql="INSERT INTO monday_wednesday(pfname,pmname,plname,Birthdate,Gender,Address,City,Contact,Contactperson,Time,Date)\n" + "VALUES ('"+txtFirstName1.getText()+"','"+txtMiddleName1.getText()+"','"+txtLastName1.getText()+"','"+d+"','"+gender.getSelectedItem()+"','"+ txtAddress.getText()+"','"+txtCity.getText()+"','"+txtContact.getText()+"','"+txtContactPerson1.getText()+"','"+time.getSelectedItem()+"','"+dateFormat.format(date)+"')";
}

Just a simple duplicate entry algorithm
