I have a table in my MySQL database with hexadecimal values (MD5 hashes). I pick the values in one query (Query1), iterate over the result set RS1, and now I need to fetch data from another table which has this hash value in the key column. I get an SQL syntax error when executing it:
String targetQuery = "select hashValue from targettbl ";
String sourceQuery = "select st.* from sourcetbl st where seqNo in" +
        "(select seqNo from sourcetblkey where hashValue in (?)" ;
try {
    stmt1 = conn.createStatement();
    stmt2 = conn.prepareStatement(sourceMD5Query);
    rs1 = stmt1.executeQuery(targetMd5Query);
    while(rs1.next())
    {
        stmt2.setString(1, rs1.getString(1));
        rs2 = stmt2.executeQuery(sourceQuery);
        ResultSetMetaData rsmd = rs2.getMetaData();
        int columnsNumber = rsmd.getColumnCount();
        while(rs2.next())
        {
            System.out.println("Source Row");
            for(int i=1;i<columnsNumber;i++)
            {
                System.out.println(""+rs2.getString(i));
            }
        }
    }
Error:
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Please help
There is a ) missing at the end of your statement. Change it to this:
String sourceQuery = "select st.* from sourcetbl st where seqNo in" +
"(select seqNo from sourcetblkey where hashValue in (?))" ;
Related
I have created a ComboBox in JavaFX and I want to query the SQLite DB for data which is greater or less than what is selected from the ComboBox.
The ComboBox has the ObservableList "10,20,30,40,50".
My query is " Select * From table Where age ( xxx ) ?"
xxx can be (" >=" or "<=")
This is my query:
String qry_age = "Select * From table Where age (>=) ?";
PreparedStatement ps_age = connect.prepareStatement(qry_age);
ps_age.setInt(1,15);
ResultSet rs_age = ps_age.executeQuery();
while (rs_age.next()) {
    System.out.println(rs_age.getString("age"));
}
You could simply use string concatenation to construct the query:
String ageCompareOperator = ">="; // or something else e.g. value from ComboBox
String qry_age = "Select * From table Where age " + ageCompareOperator + " ?";
PreparedStatement ps_age = connect.prepareStatement(qry_age);
...
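An added example (not part of the original answer) of building the query this way while only ever concatenating an operator taken from a fixed allowlist, so that the ComboBox value cannot change the shape of the statement; the age is still bound as a parameter. The table name people, the class name and the method names are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class AgeFilter {
    // The only strings that may ever be concatenated into the SQL text.
    private static final Set<String> ALLOWED_OPERATORS = Set.of(">=", "<=");

    // "people" is a hypothetical table name; the question does not name its table.
    static String buildAgeQuery(String selectedOperator) {
        // Null check first: Set.of(...).contains(null) throws NullPointerException.
        if (selectedOperator == null || !ALLOWED_OPERATORS.contains(selectedOperator)) {
            throw new IllegalArgumentException("Unsupported operator: " + selectedOperator);
        }
        return "SELECT age FROM people WHERE age " + selectedOperator + " ?";
    }

    // Operators cannot be bound with setXxx, so they are validated; values are bound.
    static List<Integer> findAges(Connection connect, String selectedOperator, int age)
            throws SQLException {
        List<Integer> ages = new ArrayList<>();
        try (PreparedStatement ps = connect.prepareStatement(buildAgeQuery(selectedOperator))) {
            ps.setInt(1, age);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ages.add(rs.getInt("age"));
                }
            }
        }
        return ages;
    }

    public static void main(String[] args) {
        // Constructed inputs: two legitimate ComboBox values and one tampered value.
        for (String input : new String[] {">=", "<=", "<> 0 OR 1=1"}) {
            try {
                System.out.println(input + " -> " + buildAgeQuery(input));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The main method needs no database or driver; findAges is what an application would call with its own open Connection.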
I am trying to prevent SQL injection in a SQL query. I used the following code to do it, but unfortunately I ran into a problem. The query is not running in Oracle DB:
strQuery = @"SELECT PASSWORD FROM IBK_USERS where upper(user_id) =upper(:UserPrefix) AND user_suffix=:UserSufix AND STATUS_CODE='1'";
//strQuery = @"SELECT PASSWORD FROM IBK_CO_USERS where user_id = '" + UserPrefix + "' AND user_suffix='" + UserSufix + "' AND STATUS_CODE='1'";
try
{
    ocommand = new OracleCommand();
    if (db.GetConnection().State == ConnectionState.Open)
    {
        ocommand.CommandText = strQuery;
        ocommand.Connection = db.GetConnection();
        ocommand.Parameters.Add(":UserSufix", OracleDbType.Varchar2,ParameterDirection.Input);
        ocommand.Parameters[":UserSufix"].Value = UserSufix;
        ocommand.Parameters.Add(":UserPrefix", OracleDbType.Varchar2,ParameterDirection.Input);
        ocommand.Parameters[":UserPrefix"].Value = UserPrefix.ToUpper();
        odatareader = ocommand.ExecuteReader();
        odatareader.Read();
        if (odatareader.HasRows)
        {
Your parameters shouldn't contain the semicolon :. This is just an indicator in your query that the variable that follows is a parameter, but you don't have to supply that on the .NET side:
ocommand.Parameters["UserSufix"] = ...
This statement extracts a list to Excel, which works fine:
string sql = "select wo.email, wo.productid, wo.variantid ";
sql += "from woeosemails wo ";
sql += "order by email, productid ";
string attachment = "attachment; filename=EmailList.csv";
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.AddHeader("content-disposition", attachment);
HttpContext.Current.Response.ContentType = "text/csv";
HttpContext.Current.Response.AddHeader("Pragma", "public");
HttpContext.Current.Response.Write("email,productid,variantid");
HttpContext.Current.Response.Write(Environment.NewLine);
using (SqlConnection conn = new SqlConnection(DB.GetDBConn()))
{
    conn.Open();
    using (IDataReader NotifyReader = DB.GetRS(sql, conn))
    {
        while (NotifyReader.Read())
        {
            string email = DB.RSField(NotifyReader, "email");
            int productid = DB.RSFieldInt(NotifyReader, "productid");
            int variantid = DB.RSFieldInt(NotifyReader, "variantid");
            email = email.Replace("\"","\"\"");
            HttpContext.Current.Response.Write("\"" + email + "\"," + productid.ToString() + "," + variantid.ToString());
            HttpContext.Current.Response.Write(Environment.NewLine);
        }
    }
    conn.Close();
}
HttpContext.Current.Response.End();
I've tried adding a variety and I thought that this would work.
I want to add two columns from another SQL table; these are Name and SKU. Any ideas on how I can modify the first part of this code? I have tried joining the tables but nothing seems to work. The closest I have is modifying the first part to this:
string sql = "select wo.email, wo.productid, wo.variantid, p.Name pname, p.Name psku, ";
sql += "from woeosemails wo ";
sql += "join Product p with (nolock) on p.ProductID = wo.productid ";
sql += "order by email, productid ";
Any help would be great
First of all, you need to add the alias to your order by columns and remove the comma at the end of the first line. Try the following:
string sql = "select wo.email, wo.productid, wo.variantid, p.Name pname, p.Name psku ";
sql += "from woeosemails wo ";
sql += "join Product p with (nolock) on p.ProductID = wo.productid ";
sql += "order by wo.email, wo.productid ";
The order by could be messing this up: you have two ProductIDs, so you need to specify which one, i.e. wo.productid. Check the same for email too.
While using a JDBC connection I am trying to perform 2 SELECT statements. The first returns a single record from a table (SQL_IBGN), and the second is designed to return multiple records from another table (SQL_ITXN) using a column (BGNREF) from the first query.
I have separate Statement and ResultSet objects for each query.
Code for Query 1:
Statement stmt = con.createStatement();
String sql = "SELECT BGNREF..... FROM SQL_IBGN WHERE BGNREF LIKE '2306009';";
ResultSet rs = stmt.executeQuery(sql);
String bgnref = null;
while (rs.next()) {
    G1SQL_IBGN g1rec = new G1SQL_IBGN();
    bgnref = rs.getString(1);
    g1rec.setBGNREF(bgnref);
}
Code for Query 2:
if (bgnref != null) {
    Statement stmt1 = con.createStatement();
    String sql1 = "SELECT ACT_DESC...... SQL_ITXN WHERE BGNREF LIKE '"
            + bgnref + "';";
    // Execute the SELECT statement
    ResultSet rs1 = stmt1.executeQuery(sql1);
    // Get result of first five records
    while (rs1.next()) {
        G1SQL_ITXN g1itxn = new G1SQL_ITXN();
        g1itxn.setACT_DESC(rs1.getString(1));
    }
}
The first query is returning a single record, however even though rs1.next() = true, the second while loop, while (rs1.next()) is not executed.
I want to update a dataset in a DB2/AS400 table.
The problem is that if there is a string parameter in the parameter list, the command does not find a row to update.
For example: If I run the command only with the company number the command will succeed. If I run the command with the company number and facility number the command fails.
Does anyone have any idea?
IDbConnection cn = Tools.GetCnApp();
try
{
    StringBuilder sql = new StringBuilder();
    sql.AppendLine("UPDATE " + Tools.GetSchemeApp() + "/ChangeReasonAssignments");
    sql.AppendLine(" SET Confirmed = #CONF, Confirmed_By = #CONFBY, Confirmed_At = #CONFAT");
    sql.AppendLine(" WHERE Company = #CONO AND Facility = #FACI AND Department = #DEPT");
    sql.AppendLine(" AND Production_Group = #PRGR AND Manufacturing_Order = #ORDR AND Order_Operation = #OPER");
    sql.AppendLine(" AND Confirmed = 0");
    IDbCommand cmd = cn.CreateCommand();
    cmd.SetParameter("#CONO", this.CompanyNumber);
    cmd.SetParameter("#FACI", this.FacilityNumber);
    cmd.SetParameter("#DEPT", this.ProductionGroup.Department.Name);
    cmd.SetParameter("#PRGR", this.ProductionGroup.Name);
    cmd.SetParameter("#ORDR", this.ManufacturingNumber);
    cmd.SetParameter("#OPER", this.OperationNumber);
    cmd.SetParameter("#CONFBY", Base.User);
    cmd.SetParameter("#CONFAT", DateTime.Now.ToString());
    cmd.SetParameter("#CONF", 1);
    cmd.CommandText = sql.ToString();
    if (cmd.ExecuteNonQuery() > 0)
    {
    }
EDIT
The datatypes in database are:
Company: INTEGER
Facility: VARCHAR
Department: VARCHAR
Production_Group: VARCHAR
Manufacturing_Order: INTEGER
Order_Operation: INTEGER
The datatypes in .NET are:
CompanyNumber: int
FacilityNumber: String
Departmentname: String
ProductionGroup: String
Manufacturingorder: int
OrderOperation: int
sql.ToString() results:
UPDATE TSAEDBDEV/ChangeReasonAssignments SET Confirmed = #CONF, Confirmed_By = #CONFBY, Confirmed_At = #CONFAT WHERE Company = #CONO AND Facility = #FACI AND Confirmed = 0
Try putting the string values in single quotes:
cmd.SetParameter("#DEPT", "'" + this.ProductionGroup.Department.Name + "'");