Question

I pass the following string to a method to perform an insert. However, each time I try to do this, I get an error.

PropInsert = "INSERT INTO Image_has_Props (Image_ImageID, Props_PropID), SELECT "+IntImageID+", PropID FROM Props WHERE PropDescription = '"+StrPropDescription+"';";

Error

You can see in the error that there appears to be an extra ' after where it says Blood Pressure Monitor. I have no idea where this extra ' is coming from. I get the StrPropDescription from a JComboBox.

StrPropDescription = propChoice.getSelectedItem().toString();

Solution

I think you just have an extra comma. Try

PropInsert = "INSERT INTO Image_has_Props (Image_ImageID, Props_PropID) SELECT "+IntImageID+", PropID FROM Props WHERE PropDescription = '"+StrPropDescription+"';";

Note the lack of a comma between the INSERT and the SELECT.

OTHER TIPS

First, generating SQL statements directly from user input is a dangerous thing!

Second, you might want to dump out the value of StrPropDescription right before the SQL statement to ensure it has the value you think it should.

Likely, it will have an apostrophe at the end of it. Then it is a matter of tracing backwards from the source to see where/how that variable was changed.

The extra ' at the end is just the quote around the whole select syntax, matching the one before the SELECT. I think there is an error after SELECT: "SELECT 1, PropID". Is 1 a column name?

A) That's not valid SQL. You have a , following (Image_ImageID, Props_PropID). You also don't end the statement with a ; when using JDBC.

B) You should be using prepared statements with placeholders rather than injecting raw user input into your SQL statement.
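The placeholder form of this INSERT, as an added example that is not code from the question or from any of the answers. The class name `PropLinker`, the method `linkProp`, the JDBC URL taken from `args[0]` and the sample values are assumptions made for illustration; the table and column names are the question's.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class PropLinker {
    // Same INSERT ... SELECT as the corrected statement, with both values bound
    // as parameters. The second "?" has no quotes around it: the description is
    // sent as data and never becomes part of the SQL text, so an apostrophe in
    // it cannot end the string literal or change the statement.
    // Note: some databases need CAST(? AS INTEGER) for a placeholder that
    // appears in the select list.
    private static final String PROP_INSERT =
        "INSERT INTO Image_has_Props (Image_ImageID, Props_PropID) "
      + "SELECT ?, PropID FROM Props WHERE PropDescription = ?";

    /** Links every prop matching the description to the image; returns rows inserted. */
    static int linkProp(Connection conn, int imageId, String propDescription)
            throws SQLException {
        if (propDescription == null || propDescription.isEmpty()) {
            throw new IllegalArgumentException("propDescription is required");
        }
        try (PreparedStatement ps = conn.prepareStatement(PROP_INSERT)) {
            ps.setInt(1, imageId);            // fills the first "?"
            ps.setString(2, propDescription); // fills the second "?"
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 1) {
            System.err.println("usage: java PropLinker <jdbc-url>");
            return;
        }
        // Assumption: args[0] is a JDBC URL for a database that already holds
        // the question's Props and Image_has_Props tables.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed sample values; the apostrophe is deliberate.
            String description = "Surgeon's Mask";
            int rows = linkProp(conn, 1, description);
            if (rows == 0) {
                // INSERT ... SELECT inserts nothing when no Props row matches.
                System.err.println("No prop matched: " + description);
            }
        }
    }
}
```

In the question's code, the value read from the JComboBox would be passed as `propDescription` exactly as returned by `getSelectedItem().toString()`, with no escaping step.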

I think the problem with this statement is that you have a SELECT 1 in your SQL statement, when it's not a column name in your table, and also the , in between the INSERT and SELECT statements as other people on here have mentioned.

I'm not entirely sure about the purpose of your IntImageID variable in this context, but I'm guessing that you're trying to do one of two things.

1: You're trying to get the ImageID from the table, which is a column, in which case, you'd be wanting something like:

PropInsert = "INSERT INTO Image_has_Props (Image_ImageID, Props_PropID) "
           + "SELECT ImageID, PropID FROM Props "
           + "WHERE PropDescription = '"+StrPropDescription+"'";

OR

2: You're trying to put IntImageID as the first insert value, and the second value is pulled from the database, in which case, it'd be something like the following:

PropInsert = "INSERT INTO Image_has_Props (Image_ImageID, Props_PropID) "
           + "("+IntImageID+", SELECT ImageID, PropID FROM Props "
           + "WHERE PropDescription = '"+StrPropDescription+"')";

I'm not really entirely sure if I wrote the second one correctly since I can't test it, but basically, it involves having your IntImageID variable separate from your SELECT statement, if it's not in the database table.

Licensed under: CC-BY-SA with attribution