
This is the error I get:

 **ERROR/Database(13775): Failure 1 (near "s": syntax error)**

while I try to execute the following query:

    myDB.execSQL("INSERT INTO " + tableName + " ("
            + column[1] + "," + column[2] + "," + column[3] + "," + column[4] + ","
            + column[5] + "," + column[6] + "," + column[7] + "," + column[8] + ",type ) VALUES('"
            + url + "','" + title + "','" + summary + "','" + imageUrl + "','"
            + completeStoryUrl + "','" + date + "','" + imageString + "','" + body + "','" + type + "')");

These values are stored in the DB by parsing an XML of RSS-feed-like objects. A few items are stored, but on some I get this exception. Is there a problem with the query, or with the data being sent to the query? Any help is appreciated.

4 Comments

  • stackoverflow.com/questions/332365/… Commented Jul 19, 2011 at 10:41
  • You might need to escape the INSERT values; this thread might help: stackoverflow.com/questions/5432063/… Commented Jul 19, 2011 at 10:48
  • Why not make the string up first and print it out? Commented Jul 19, 2011 at 10:49
  • Thanks all of you, it was quite an informative discussion. Commented Jul 20, 2011 at 6:14

2 Answers


You should never build a SQL command with string manipulation, because there is the danger of SQL injection. There are methods to safely format the command with parameters.

In Java there is for example the java.sql.PreparedStatement class.

Using such a conventional method should fix your syntax error, too.


3 Comments

It's on Android. java.sql.PreparedStatement doesn't apply. Moreover, this should be in the comment section. This is not an answer.
I cannot comment because of my rep. There are ways to use a prepared statement on Android, too (see stackoverflow.com/questions/433392/…). This was only an example. This is a really important note and should not be voted down!
My bad, I didn't notice your rep. Otherwise I wouldn't have downvoted.

Without seeing the actual query that is being executed, I would guess that one of the fields being inserted contains a " character, which is breaking the SQL statement.

For example, imagine the value of summary was

This string need"s to be escaped 

As Michalis said, you need to escape the values being inserted (replace any special characters).

If I were you, I would log the actual string query that is being executed. Then take a look at it in logcat and you should see why it is failing.
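The point both answers make, shown as an added example that is not code from the question or from either answer. The first method builds the same kind of concatenated statement the question uses, so you can see what SQLite actually receives when a value contains an apostrophe (the delimiter the question's query wraps every value in); logging that string, as suggested above, is what makes the failure obvious. The other two methods do the insert with Android's bound-parameter APIs (SQLiteDatabase.insert with ContentValues, and a compiled statement with ? placeholders), so the value is never parsed as SQL and no escaping is needed. The class name FeedItemDao, the table name feed_items and the column names are assumptions.

```java
import android.content.ContentValues;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteStatement;
import java.util.List;

public class FeedItemDao {
    // Assumed table name; the question's tableName and column[] array are not shown.
    private static final String TABLE = "feed_items";

    // What the concatenated query sends to SQLite. With summary = "it's broken" the
    // result is  INSERT INTO feed_items (summary) VALUES('it's broken')  and SQLite
    // reports: near "s": syntax error, the same message as in the question. Anything
    // after the apostrophe is interpreted as SQL, which is both the crash and the
    // injection risk. Kept only to log/inspect; do not execute it.
    static String concatenated(String summary) {
        return "INSERT INTO " + TABLE + " (summary) VALUES('" + summary + "')";
    }

    // Option 1: ContentValues + insert(). The framework builds the statement and
    // binds every value; quotes, semicolons and newlines in the data stay data.
    public static long insertWithContentValues(SQLiteDatabase db, String url, String title,
                                               String summary, String body, String type) {
        ContentValues values = new ContentValues();
        values.put("url", url);
        values.put("title", title);
        values.put("summary", summary);
        values.put("body", body);
        values.put("type", type);
        // Returns the new row id, or -1 if the insert failed.
        return db.insert(TABLE, null, values);
    }

    // Option 2: one compiled statement with '?' placeholders, reused for every parsed
    // RSS item inside a single transaction (faster than one execSQL per item).
    // Each row is {url, title, summary, body, type}; nulls are bound as SQL NULL.
    public static int insertBatch(SQLiteDatabase db, List<String[]> rows) {
        SQLiteStatement stmt = db.compileStatement(
                "INSERT INTO " + TABLE + " (url, title, summary, body, type) VALUES (?, ?, ?, ?, ?)");
        int inserted = 0;
        db.beginTransaction();
        try {
            for (String[] r : rows) {
                stmt.clearBindings();
                for (int i = 0; i < r.length; i++) {
                    // bind indexes are 1-based; bindString(null) would throw
                    if (r[i] == null) {
                        stmt.bindNull(i + 1);
                    } else {
                        stmt.bindString(i + 1, r[i]);
                    }
                }
                if (stmt.executeInsert() != -1) {
                    inserted++;
                }
            }
            db.setTransactionSuccessful();
        } finally {
            db.endTransaction();
            stmt.close();
        }
        return inserted;
    }
}
```

If you want to keep execSQL, the two-argument form `db.execSQL(sql, new Object[]{...})` also binds parameters for `?` placeholders; the only thing to avoid is splicing the values themselves into the SQL text. Note that table and column names cannot be bound as parameters, so if `tableName` or `column[]` ever come from outside the app they must be validated against a fixed allow-list before being concatenated.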

