
I'm not able to execute the query here. It says the above mentioned error. I have tried with the 'Select * from customer' query and it is working. I can't figure out where I am going wrong. Please help, and thanks in advance.

The full query is- SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,COUNTRY,AGE,GENDER,EMAIL_ADDRESS FROM CUSTOMER WHERE FIRST_NAME='SHIVAM';

The error message is- com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'SHIVAM' in 'where clause'

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import javax.swing.JOptionPane;
import javax.swing.table.DefaultTableModel;

DefaultTableModel model;
model = (DefaultTableModel) tblSearchCustomer.getModel();
try {
    Class.forName("java.sql.Driver");
    Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/divign", "root", "password");
    Statement stmt = con.createStatement();

    String sfld = (String) searchfldCB.getSelectedItem();
    // this stands for Search Field (ComboBox)
    String op = (String) opCB.getSelectedItem();
    // this stands for operator (ComboBox)
    String crit = criteriaTF.getText();
    // this stands for criteria
    String query = "SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,COUNTRY,AGE,GENDER,EMAIL_ADDRESS FROM CUSTOMER WHERE" + sfld + "" + op + "" + crit + " ;";
    // This Query is not Executing
    ResultSet rs = stmt.executeQuery(query);
    while (rs.next()) {
        model.addRow(new Object[] {
            rs.getInt(1), rs.getString(2), rs.getString(3), rs.getString(4), rs.getInt(5),
            rs.getString(6), rs.getString(7)   // column 7 is EMAIL_ADDRESS, a string, not an int
        });
    }
    rs.close();
    stmt.close();
    con.close();
}
catch (Exception e) {
    JOptionPane.showMessageDialog(null, e.toString());
}
  • Can you provide the full query and error? Commented Nov 4, 2015 at 20:05
  • Please post the generated query and the error message. As a guess, you almost certainly are missing some spaces in WHERE" + sfld+""+op+""+crit+" ; Commented Nov 4, 2015 at 20:06
  • com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'SHIVAM' in 'where clause' Commented Nov 4, 2015 at 20:14
  • SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,COUNTRY,AGE,GENDER,EMAIL_ADDRESS FROM CUSTOMER WHERE FIRST_NAME='SHIVAM' ; Commented Nov 4, 2015 at 20:15

3 Answers


When you generate your query, there are no single quotes in your WHERE statement, which means you'll get WHERE FIRST_NAME=SHIVAM, so it tries to compare FIRST_NAME to a column called SHIVAM, which doesn't exist.


1 Comment

This is the best answer so far, only because it does not offer a "solution" that continues to use dynamic SQL. It would be a much better answer if it mentioned that using a parameterized query would have avoided the problem in the first place, and that all of the other "solutions" are still vulnerable to SQL injection.

So here is the corrected query-

String query="SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,PASSWORD,ADDRESS,COUNTRY,AGE,GENDER,EMAIL_ADDRESS,PHONE_NUMBER FROM CUSTOMER WHERE " +sfld+" "+op+" '"+crit+"' ;";

Notice the inverted commas around crit. Now if I type SHIVAM in the jTextField (criteriaTF), the name will be executed in MySQL with inverted commas, i.e. 'SHIVAM'.
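The comment on the first answer points out that a parameterized query would have avoided the missing-quote problem and the SQL injection exposure that the concatenated "fix" above still has. The following is an added example, not code from the question or either answer: it keeps the table and column names from the question, binds the criteria value with PreparedStatement.setString so quotes inside it are data rather than SQL, and, because JDBC cannot bind identifiers or operators as parameters, checks the combo-box field and operator against a fixed allowlist before they are spliced into the statement. The class name CustomerSearch, the allowlist contents, the buildQuery/search methods and the use of Set.of (Java 9 or later) are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CustomerSearch {

    // Columns the user may search on. Identifiers cannot be bound as parameters,
    // so the combo-box value is validated against this fixed allowlist instead.
    private static final Set<String> SEARCHABLE_COLUMNS = Set.of(
        "CUSTOMER_ID", "FIRST_NAME", "LAST_NAME", "COUNTRY", "AGE", "GENDER", "EMAIL_ADDRESS");

    // Operators the operator combo box may supply; anything else is rejected.
    private static final Set<String> OPERATORS = Set.of("=", "<>", "<", ">", "<=", ">=", "LIKE");

    private static final String BASE_SELECT =
        "SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,COUNTRY,AGE,GENDER,EMAIL_ADDRESS FROM CUSTOMER WHERE ";

    /** Builds the statement text from validated identifiers; the value is left as a ? placeholder. */
    static String buildQuery(String field, String op) {
        if (!SEARCHABLE_COLUMNS.contains(field)) {
            throw new IllegalArgumentException("Unknown search field: " + field);
        }
        if (!OPERATORS.contains(op)) {
            throw new IllegalArgumentException("Unsupported operator: " + op);
        }
        // Spaces around the operator are part of the template, so the bug from the question cannot recur.
        return BASE_SELECT + field + " " + op + " ?";
    }

    /** Runs the search. crit is bound as data, so quotes or SQL keywords in it are never interpreted. */
    static List<Object[]> search(Connection con, String field, String op, String crit) throws SQLException {
        String sql = buildQuery(field, op);
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, crit);   // MySQL converts the string for numeric columns such as AGE
            try (ResultSet rs = ps.executeQuery()) {
                List<Object[]> rows = new ArrayList<>();
                while (rs.next()) {
                    rows.add(new Object[] {
                        rs.getInt("CUSTOMER_ID"), rs.getString("FIRST_NAME"), rs.getString("LAST_NAME"),
                        rs.getString("COUNTRY"), rs.getInt("AGE"), rs.getString("GENDER"),
                        rs.getString("EMAIL_ADDRESS")
                    });
                }
                return rows;   // each row can be passed straight to DefaultTableModel.addRow
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Connection URL and user copied from the question; the password is a placeholder.
        String url = "jdbc:mysql://localhost:3306/divign";
        try (Connection con = DriverManager.getConnection(url, "root", "password")) {
            // The same search as in the question: FIRST_NAME = 'SHIVAM', with the value bound.
            for (Object[] row : search(con, "FIRST_NAME", "=", "SHIVAM")) {
                System.out.println(row[0] + " " + row[1] + " " + row[2]);
            }
            // A value containing an apostrophe would break the concatenated query; here it is just data.
            System.out.println(search(con, "LAST_NAME", "=", "O'Brien").size() + " row(s) for O'Brien");
            // A field name that is not on the allowlist is rejected before any SQL is built.
            try {
                buildQuery("PASSWORD", "=");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The rejection of PASSWORD in the last step shows why the allowlist matters even with a PreparedStatement: the column name is still string-concatenated, so limiting it to the columns the screen is meant to expose is what keeps a modified combo-box value from reading other columns. The search method returns rows rather than writing to the table model so the caller, a Swing form or a test, decides where they go.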



String query="SELECT CUSTOMER_ID,FIRST_NAME,LAST_NAME,COUNTRY,AGE,GENDER,EMAIL_ADDRESS FROM CUSTOMER WHERE" + sfld+""+op+""+crit+" ;";

In the WHERE condition you haven't mentioned the column name to which the value of sfld+""+op+""+crit is assigned.

You have to provide the column name next to where clause.
