I don' t understand why eclipse tell me this error for this query:
ResultSet rs = st.executeQuery("select * from '"+ value3+ "' where Name='" + value1 + "' and Password='"+ value2 + "'");
error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''f' where Name='f' and Password='f'' at line 1
1) Try this.
ResultSet rs = st.executeQuery("select * from `" + value3 + "` where Name='" +
value1 + "' and Password='"+ value2 + "'");
See here:
MySQL Identifiers
The identifier quote character is the backtick ("`") in MySQL.
2) Also, as you're not using PreparedStatement, if your Name or
Password contains ' you will have issues. Your code is vulnerable
to SQL injection.
See also:
PreparedStatement
SQL injection
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.