user3019128

Reputation: 1

java.sql.SQLSyntaxErrorException: ORA-00936: missing expression

I wrote a simple SQL query in Oracle which inserts some values.

But I got a SQLSyntaxErrorException stating a "missing expression" error.

This is my query:

String addManager = "INSERT INTO property_manager(EIN,NAME,HOME_PHONENUMBER,MOBILE_PHONENUMBER,EMAIL,PROPERTY_CIN)" +
       "VALUES (" + mein.getText() + ","  + mname.getText() +","+    mHome_phonenumber.getText() +","+ MMobile_phonenumber.getText()+"," + memail.getText() + ","+mproperty_cin.getText()+")";

Upvotes: 0

Views: 6879

Answers (2)

Amir Pashazadeh

Reputation: 7322

The best solution is using a java.sql.PreparedStatement.

  • It prevents SQL injection
  • Escapes invalid characters in your Strings (such as ') and the characters which will break your query
  • Handles null and empty Strings
  • Uses Oracle's query parsing cache (for better performance)
  • Handles types such as Date and Blob much easier

Just google for java PreparedStatement and you'll see lots of samples.

Upvotes: 2

Alen Oblak

Reputation: 3325

You should put your values inside quotes.

String addManager = "INSERT INTO property_manager(EIN,NAME,HOME_PHONENUMBER,MOBILE_PHONENUMBER,EMAIL,PROPERTY_CIN)" +
   "VALUES ('" + mein.getText() + "','"  + mname.getText() +"','"+    mHome_phonenumber.getText() +"','"+ MMobile_phonenumber.getText()+"','" + memail.getText() + "','"+mproperty_cin.getText()+"')";

Or better yet, use parameters. Otherwise you risk an SQL injection attack.

Upvotes: 0
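
Added example, not part of either answer above: the question's INSERT rewritten with a java.sql.PreparedStatement, which is what both answers recommend. The class name, the helper methods, the command-line arguments and the sample row are assumptions made for illustration; binding every column with setString assumes text columns or Oracle's implicit conversion.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;

public class AddManager {
    // Same table and columns as the question; values are bound, never concatenated.
    static final String SQL =
        "INSERT INTO property_manager "
      + "(EIN, NAME, HOME_PHONENUMBER, MOBILE_PHONENUMBER, EMAIL, PROPERTY_CIN) "
      + "VALUES (?, ?, ?, ?, ?, ?)";

    // Bind one text value; a blank form field becomes SQL NULL.
    static void bind(PreparedStatement ps, int index, String value) throws SQLException {
        if (value == null || value.trim().isEmpty()) {
            ps.setNull(index, Types.VARCHAR);
        } else {
            ps.setString(index, value.trim());
        }
    }

    // fields: the six getText() results, in column order (hypothetical helper).
    static int insertManager(Connection conn, String... fields) throws SQLException {
        if (fields.length != 6) {
            throw new IllegalArgumentException("expected 6 values, got " + fields.length);
        }
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            for (int i = 0; i < fields.length; i++) {
                bind(ps, i + 1, fields[i]);
            }
            return ps.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed usage: java AddManager <jdbc-url> <user> <password>
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample row. The apostrophe would break the quoted
            // concatenation, and the empty home phone would leave ",," in the
            // unquoted one (ORA-00936); both bind cleanly as parameters.
            int rows = insertManager(conn, "1001", "Pat O'Brien", "",
                                     "555-0100", "pat@example.com", "42");
            System.out.println(rows + " row(s) inserted");
        }
    }
}
```

In the Swing code from the question, the six arguments would be the getText() results, for example mein.getText() and mname.getText().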
