
How to solve “ORA-00933 & ORA-00936” in SQL/Oracle?

I'm creating a student profile for our project in school and it's my first time making this.

This is my query for my jTable (mouseclicked) that I've created in NetBeans:

        int row = jTable1.getSelectedRow();
        String tc = jTable1.getModel().getValueAt(row, 0).toString();
        try {
            String query ="select * from CAREPOINT_STUDENT where NAME="+tc+" ";
            pst= (OraclePreparedStatement) ungabelio1.prepareStatement(query);
            rs = (OracleResultSet) pst.executeQuery();

            if(rs.next()){

                String NAME_ID = rs.getString("NAME");
                String AGE_ID = rs.getString("AGE");
                String ADDRESS_ID = rs.getString("ADDRESS");
                String NUM_ID = rs.getString("NUM");
                String COURSE_ID = rs.getString("COURSE");
                String SPECIAL_ID = rs.getString("SPECIAL");
                String SCHOOL_ID = rs.getString("SCHOOL");
                String DOWNPAY_ID = rs.getString("DOWNPAY");
                String DISCOUNT_ID = rs.getString("DISCOUNT");
                String BALANCE_ID = rs.getString("BALANCE");
                String REVSCHED_ID = rs.getString("REVSCHED");
                String EMAIL_ID = rs.getString("EMAIL");

                NAME.setText(NAME_ID);
                AGE.setText(AGE_ID);
                ADDRESS.setText(ADDRESS_ID);
                NUM.setText(NUM_ID);
                COURSE.setText(COURSE_ID);
                SPECIAL.setText(SPECIAL_ID);
                SCHOOL.setText(SCHOOL_ID);
                DOWNPAY.setText(DOWNPAY_ID);
                DISCOUNT.setText(DISCOUNT_ID);
                BALANCE.setText(BALANCE_ID);
                REVSCHED.setText(REVSCHED_ID);
                EMAIL.setText(EMAIL_ID);

            }

        } catch (Exception e) {
            JOptionPane.showMessageDialog(null, e);
        }

    }       

When I run the program and try to click the data (a student profile like name, age, school, etc.) that I created and printed inside the jTable (mouseclicked), I get this problem: "ORA-00933: SQL command not properly ended".

Aside from that, I also have another problem. I created 2 jButtons: "DELETE", which will delete the data (student profile) that I filled in, and "UPDATE", which will re-edit the data (student profile) that I filled in.

This is the query of my "DELETE" jButton in NetBeans:

        try {
            String query;
            query = "DELETE FROM CAREPOINT_STUDENT where NAME="+NAME.getText()+" ";
            pst= (OraclePreparedStatement) ungabelio1.prepareStatement(query);

            pst.execute();
            JOptionPane.showMessageDialog(null, "Successfully deleted!");
            fetch();

        } catch (Exception e) {

            JOptionPane.showMessageDialog(null, e);
        }
    }     

And this is the query of my "UPDATE" jButton in NetBeans:

        try {
            String query;
            query = "update CAREPOINT_STUDENT set AGE=?,ADDRESS=?,NUM=?,COURSE=?,SPECIAL=?,SCHOOL=?,DOWNPAY=?,DISCOUNT=?,BALANCE=?,REVSCHED=?,EMAIL=? where NAME="+NAME.getText()+"";
            pst= (OraclePreparedStatement) ungabelio1.prepareStatement(query);

            pst.setString(1,AGE.getText());
            pst.setString(2,ADDRESS.getText());
            pst.setString(3, NUM.getText());
            pst.setString(4, COURSE.getText());
            pst.setString(5, SPECIAL.getText());
            pst.setString(6, SCHOOL.getText());
            pst.setString(7, DOWNPAY.getText());
            pst.setString(8, DISCOUNT.getText());
            pst.setString(9, BALANCE.getText());
            pst.setString(10, REVSCHED.getText());
            pst.setString(11, EMAIL.getText());

            pst.executeUpdate();
            JOptionPane.showMessageDialog(null, "Successfully updated!");
            fetch();

        } catch (Exception e){

            JOptionPane.showMessageDialog(null, e);
        }
    }                    

When I run the program and click those 2 buttons, I get the same problem: "ORA-00936: missing expression".

I would really appreciate it, and I hope that somebody can help me fix this problem so that I can gain a little knowledge about SQL/Oracle.

Sorry for my bad English.

Avoid concatenating parameters as strings; use prepared statements.

Otherwise you'll run into all kinds of trouble, like escaping issues for special characters, SQL injection, etc.

For example, a safer way of running your SQL statement could be:

    String query = "select * from CAREPOINT_STUDENT where NAME = ?";
    pst = (OraclePreparedStatement) ungabelio1.prepareStatement(query);
    pst.setString(1, tc);
    rs = (OracleResultSet) pst.executeQuery();

Note: Assembling a SQL statement as a string is still useful for cases when you want to do some dynamic SQL. Even then, use ? for parameters and apply them as shown above.

You may need some extra single quotes so your query will read:

    select * from CAREPOINT_STUDENT where NAME='Entered name';

Adjust your code:

    String query ="select * from CAREPOINT_STUDENT where NAME='"+tc+"' ";
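The bind-parameter approach from the first answer applied to the DELETE and UPDATE buttons, next to the statement text that the unquoted and the quoted concatenation produce for three constructed names. This is an added example, not code from the question or from either answer: `StudentDao` and its method names are hypothetical, the UPDATE is narrowed to two columns, and `con` is assumed to be an open JDBC connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added example. StudentDao and its methods are hypothetical names;
// the table and column names are the ones used in the question.
public class StudentDao {

    // What the question's code builds: the name is pasted into the SQL text unquoted,
    // so the database parses it as SQL tokens instead of as a string value.
    static String concatenated(String name) {
        return "DELETE FROM CAREPOINT_STUDENT where NAME=" + name + " ";
    }

    // The quoted variant: well-formed only while the name contains no apostrophe.
    static String quoted(String name) {
        return "DELETE FROM CAREPOINT_STUDENT where NAME='" + name + "' ";
    }

    // Bind-parameter version: the SQL text is constant and the name travels as data.
    static int deleteByName(Connection con, String name) throws SQLException {
        String sql = "DELETE FROM CAREPOINT_STUDENT WHERE NAME = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            return ps.executeUpdate(); // number of rows deleted
        }
    }

    // UPDATE with every value bound, including the NAME in the WHERE clause.
    static int updateContact(Connection con, String name, String address, String email)
            throws SQLException {
        String sql = "UPDATE CAREPOINT_STUDENT SET ADDRESS = ?, EMAIL = ? WHERE NAME = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, address);
            ps.setString(2, email);
            ps.setString(3, name); // third placeholder is the WHERE value
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample names; no database is needed to inspect the generated text.
        for (String name : new String[] {"Juan Dela Cruz", "", "O'Brien"}) {
            System.out.println("input    : [" + name + "]");
            System.out.println("unquoted : " + concatenated(name));
            System.out.println("quoted   : " + quoted(name));
        }
    }
}
```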
