0

I don' t understand why eclipse tell me this error for this query:

ResultSet rs = st.executeQuery("select * from '"+ value3+ "' where Name='" + value1 + "' and Password='"+ value2 + "'");

error:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''f' where Name='f' and Password='f'' at line 1
Improve this question
3
  • 1. Use backticks to escape table and column names. 2. Use prepared statements instead of patching thinks together. Commented Jan 18, 2014 at 16:43
  • 1
    be careful though. concatenating sql statements like that can lead to SQL injection vulnerarbilities. have a look at prepared statements. Commented Jan 18, 2014 at 16:44
  • why suffer using above statement try using PreparedStatement lot more easier to understand and better way of coding. Commented Jan 18, 2014 at 16:48

1 Answer 1

Reset to default
3

1) Try this.

ResultSet rs = st.executeQuery("select * from `" + value3 + "` where Name='" +
               value1 + "' and Password='"+ value2 + "'");

See here:
MySQL Identifiers

The identifier quote character is the backtick ("`") in MySQL.

2) Also, as you're not using PreparedStatement, if your Name or
Password contains ' you will have issues. Your code is vulnerable
to SQL injection.

See also:
PreparedStatement
SQL injection

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Some explanation, what you actually changed and why you did so, would be nice as well.
you are only the BEST, i' ve passed all the afternoon to get some solution!!! tnks you so much!!!
i dont understand when you talk about sql injection can you explain pretty well?
Well, you can Google it. Check this for example: en.wikipedia.org/wiki/SQL_injection
let me understand, if it is a school project it will have sql injection but if it is for your real job it would not have security flaws?, CiMat, always do the best when programming please. :)
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.