Question

I just cannot get this problem!

java.lang.RuntimeException: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near
'SELECT user_id FROM user WHERE USER_NAME ='test';'' at line 1

Can you please help me? I have no idea what could be wrong! The syntax is okay, isn't it?

Context initCtx = new InitialContext();
Context envCtx = (Context) initCtx.lookup("java:comp/env");
DataSource ds = (DataSource) envCtx.lookup("jdbc/onlinebanking");
connection = ds.getConnection();
Statement statement = connection.createStatement();
resultSet = statement.executeQuery(sql);
resultSetKunden_id = statement.executeQuery(kunde_id);
resultSetKontostand = statement.executeQuery(kontostand);
resultSetTest = statement.executeQuery(test);
ResultSetMetaData metaData = resultSet.getMetaData();

Here's the SQL statement:

String sql = "select tr.EMPFÄNGER_KONTO_ID, tr.BETRAG " +
"from TRANSAKTION tr, KONTO ko, KUNDE ku " +
"where tr.KONTO_ID = ko.KONTO_ID " +
"and ko.KUNDE_ID = ku.KUNDE_ID " +
"and ku.KUNDE_NAME = '" + username +"' " +
"and ku.KUNDE_PASSWORD = '" + password +"';";

kunde_id = "SELECT kunde_id FROM kunde WHERE KUNDE_NAME ='" + username + "';";
String test = "SELECT * FROM kunde WHERE KUNDE_NAME ='" + username + "';";
kontostand = "Select betrag From Transaktion Where Konto_id = " + kunde_id + "';";

(Some words are in German)

Here's the Exception:

java.lang.RuntimeException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Janssen''' at line 1
de.java2enterprise.onlinebanking.HalloWeltServlet.getData(HalloWeltServlet.java:112)
de.java2enterprise.onlinebanking.HalloWeltServlet.doGet(HalloWeltServlet.java:32)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

Thanks!


Solution

I would suggest using either a prepared statement or even an ORM framework.

But to answer your question, you should replace:

kontostand = "Select betrag From Transaktion Where Konto_id = '" + kunde_id + "'";

with

kontostand = "Select betrag From Transaktion Where Konto_id = (" + kunde_id + ")";
                                                              ^                ^
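
The prepared-statement approach suggested in the answer above, shown as an added example that is not part of the original answer or the asker's project. The class and method names are hypothetical; it assumes `betrag` is a numeric column and that `KUNDE_NAME` is unique, so the subquery returns at most one row.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class KontostandDao { // hypothetical class name

    // The customer lookup stays a subquery, as in the answer above, but the
    // user name is a bound parameter (?) instead of concatenated text, so a
    // quote character in the name is data and cannot change the SQL syntax.
    // No trailing semicolon and no hand-written quotes are needed.
    private static final String KONTOSTAND_SQL =
        "SELECT betrag FROM Transaktion WHERE Konto_id = "
        + "(SELECT kunde_id FROM kunde WHERE KUNDE_NAME = ?)";

    // Hypothetical helper: returns every betrag for the given user name.
    public static List<BigDecimal> loadBetraege(Connection connection, String username)
            throws SQLException {
        List<BigDecimal> betraege = new ArrayList<>();
        // One statement per query: executing a second query on the same
        // Statement object closes the ResultSet of the first one, so the
        // rows are read completely before the statement is released.
        try (PreparedStatement ps = connection.prepareStatement(KONTOSTAND_SQL)) {
            ps.setString(1, username); // JDBC parameter indexes start at 1
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    betraege.add(rs.getBigDecimal("betrag"));
                }
            }
        }
        return betraege;
    }
}
```

The same pattern applies to the other queries in the question: replace each concatenated `username` or `password` with `?` and bind it with `setString`.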

OTHER TIPS

Do not put ; (semicolon) in your queries.

So your queries will be:

String sql = "select tr.EMPFÄNGER_KONTO_ID, tr.BETRAG " +
"from TRANSAKTION tr, KONTO ko, KUNDE ku " +
"where tr.KONTO_ID = ko.KONTO_ID " +
"and ko.KUNDE_ID = ku.KUNDE_ID " +
"and ku.KUNDE_NAME = '" + username +"' " +
"and ku.KUNDE_PASSWORD = '" + password +"'";

kunde_id = "SELECT kunde_id FROM kunde WHERE KUNDE_NAME ='" + username + "'";
String test = "SELECT * FROM kunde WHERE KUNDE_NAME ='" + username + "'";
kontostand = "Select betrag From Transaktion Where Konto_id = '" + kunde_id + "'";
Licensed under: CC-BY-SA with attribution