OiRc
Reputation: 1622
Syntax Error with mysql in java
I don' t understand why eclipse tell me this error for this query:
ResultSet rs = st.executeQuery("select * from '"+ value3+ "' where Name='" + value1 + "' and Password='"+ value2 + "'");
error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''f' where Name='f' and Password='f'' at line 1
Upvotes: 0
Views: 84
Answers (1)
peter.petrov
Reputation: 39457
1) Try this.
ResultSet rs = st.executeQuery("select * from `" + value3 + "` where Name='" +
value1 + "' and Password='"+ value2 + "'");
See here:
MySQL Identifiers
The identifier quote character is the backtick ("`") in MySQL.
2) Also, as you're not using PreparedStatement, if your Name or
Password contains ' you will have issues. Your code is vulnerable
to SQL injection.
See also:
PreparedStatement
SQL injection
Upvotes: 3