Greenhorn
posted 13 years ago
Hey.. I'm trying to save some data to an Oracle database. I get the error message saying
SQLException: ORA-00928: missing SELECT keyword
Can you please suggest what could be wrong with the following code?
<%@ page import="java.sql.*" %>
<%
Connection conn = null;
try
{
    // Load the Oracle thin driver and open the connection.
    Class.forName("oracle.jdbc.driver.OracleDriver");
    conn = DriverManager.getConnection(
        "jdbc:oracle:thin:scott/tiger@localhost:1521:ora");
    // Read the submitted form fields.
    String name = request.getParameter("UName");
    String pword = request.getParameter("Pass");
    Statement stmt = conn.createStatement();
    stmt.executeUpdate("INSERT INTO UserAccount" +
        "VALUES(" + name + ", " + pword + ")");
}
catch(SQLException e)
{
    out.println("SQLException: " + e.getMessage() + "<BR>");
    while((e = e.getNextException()) != null)
        out.println(e.getMessage() + "<BR>");
}
catch(ClassNotFoundException e)
{
    out.println("ClassNotFoundException: " + e.getMessage() + "<BR>");
}
finally
{
    // Clean up resources, close the connection.
    if(conn != null)
    {
        try
        {
            conn.close();
        }
        catch (Exception ignored) {}
    }
}
%>
Greenhorn
posted 13 years ago
Maybe I'm not parsing your INSERT statement correctly, but it looks to me like you will be missing a space between the table name and VALUES clause:
"INSERT INTO UserAccount" + "VALUES...
Will end up being
INSERT INTO UserAccountVALUES
I think you need a space somewhere, like:
"INSERT INTO UserAccount " + "VALUES...
Sheriff
posted 13 years ago
Please post JDBC questions in the appropriate forum.
Moved to the JDBC forum.
[Asking smart questions] [About Bear] [Books by Bear]
Ranch Hand
posted 13 years ago
You need to be using PreparedStatement, instead of Statement.
1) You avoid lots and lots of stupid syntax errors, like the one you just had. And you can support data that has embedded quotes in it, such as the last name "O'Malley".
2) On Oracle, not using PreparedStatement is the single biggest cause of really really really bad performance when you put your application into production. See:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1993620575194
See also the 2nd or 3rd response, here:
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:10128287191505
3) It is very much more secure
http://www.unixwiz.net/techtips/sql-injection.html
and other reasons.
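
The PreparedStatement approach recommended above, as an added example that is not part of the original thread. The class and method names are hypothetical, the sample values are constructed, and it assumes UserAccount has exactly two columns in the order (name, password), as the original VALUES clause implies:

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Hypothetical class name; added example, not code from the thread.
public class UserAccountInsert {
    // The statement text is a constant: user input never becomes part of the SQL.
    static final String INSERT_SQL = "INSERT INTO UserAccount VALUES (?, ?)";

    // Rebuilds the string the thread's concatenation sends to Oracle
    // (with the missing space added), to show how input changes the SQL text.
    static String concatenated(String name, String pword) {
        return "INSERT INTO UserAccount " + "VALUES(" + name + ", " + pword + ")";
    }

    // Binds both values as data and returns the number of rows inserted.
    static int insertUser(Connection conn, String name, String pword) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, name);
            ps.setString(2, pword);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "O'Malley";   // constructed sample input with an embedded quote
        String pword = "s3cret";    // constructed sample input

        // Concatenation: the values arrive unquoted and the apostrophe lands
        // inside the SQL text, so the statement Oracle parses depends on the input.
        System.out.println("concatenated: " + concatenated(name, pword));

        // Prepared statement: the SQL text is the same for every input.
        System.out.println("prepared:     " + INSERT_SQL);

        // Optional: pass a JDBC URL as the only argument to run the insert.
        if (args.length == 1) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println(insertUser(conn, name, pword) + " row(s) inserted");
            }
        }
    }
}
```

Because the statement text never changes, Oracle can reuse the parsed statement across calls, which is the performance point in item 2, and the bound values cannot alter the statement's structure, which is the security point in item 3.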