
Syntax Error with mysql in java

I don't understand why Eclipse tells me this error for this query:

ResultSet rs = st.executeQuery("select * from '"+ value3+ "' where Name='" + value1 + "' and Password='"+ value2 + "'");

error:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''f' where Name='f' and Password='f'' at line 1

1) Try this.

ResultSet rs = st.executeQuery("select * from `" + value3 + "` where Name='" +
               value1 + "' and Password='"+ value2 + "'");

See here:
MySQL Identifiers

The identifier quote character is the backtick ("`") in MySQL.

2) Also, as you're not using PreparedStatement, if your Name or
Password contains ' you will have issues. Your code is vulnerable
to SQL injection.

See also:
PreparedStatement
SQL injection
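Both points of the answer, as an added Java example that is not the answerer's code: the table name is an identifier, so it cannot be bound with `?` and is instead checked against an allow-list and wrapped in backticks, while `Name` and `Password` are bound through `PreparedStatement` so a quote character in either value is treated as data. The table names, connection URL and credentials are placeholders assumed for illustration, not values from the original post.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class SafeLogin {

    // Assumption: the only tables a login may be checked against. A table name is an
    // identifier, not a value, so it cannot be bound with '?'; it is checked against
    // this allow-list and then quoted with backticks (MySQL's identifier quote).
    private static final Set<String> ALLOWED_TABLES = Set.of("users", "admins");

    // Placeholder connection details (not from the original post).
    private static final String URL = "jdbc:mysql://localhost:3306/EXAMPLE_DB";
    private static final String DB_USER = "EXAMPLE_USER";
    private static final String DB_PASS = "EXAMPLE_PASSWORD";

    /** Rejects any table name not on the allow-list and returns it as a quoted identifier. */
    static String quotedTable(String table) {
        if (!ALLOWED_TABLES.contains(table)) {
            throw new IllegalArgumentException("table not allowed: " + table);
        }
        return "`" + table + "`";
    }

    /** Returns true if a row with that Name and Password exists in the given table. */
    static boolean credentialsExist(Connection conn, String table, String name, String password)
            throws SQLException {
        // Only the validated identifier is concatenated; the values are bound below.
        String sql = "select 1 from " + quotedTable(table) + " where Name = ? and Password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);      // bound as data: a quote inside the value stays literal
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(URL, DB_USER, DB_PASS)) {
            // A name containing a single quote, which would break the concatenated query
            // from the question, is handled correctly because it is sent as a parameter.
            boolean found = credentialsExist(conn, "users", "O'Brien", "f");
            System.out.println("credentials found: " + found);
        }
    }
}
```

The allow-list is the important part for the `value3` case: a prepared statement protects the two string values, but the table name still reaches the SQL text by concatenation, so it has to be validated separately before being quoted.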
