MySQL Lists: win32: Re: Ignoring or filtering ' char

List:	MySQL on Win32	« Previous Message Next Message »
From:	Cadbury	Date:	August 4 2004 12:52pm
Subject:	Re: Ignoring or filtering ' char
View as plain text

gee,thank god,thanx tiago for helping...i'm sorry for
the late reply..

it does solve my problem..however one problem occured
when i try to use the preparedstatement twice.. here's
what i mean..before that here's a part of my source
code.

----------------------------------------------------
query = "select status from userinfo where UserEmail=?
and password =?;";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1,UserLogin);
ps.setString(2,UserPassword);
rs = ps.executeQuery();

while (rs.next()){
   st = rs.getString("status");
}
	
query = "select * from emaildata where UserEmail =?
order by EmailDate desc limit 1;";
ps=con.prepareStatement(query);
ps.setString(1,UserLogin);
		
rs = ps.executeQuery(query);
		
----------------------------------------------------
the error msg below will appear:
----------------------------------------------------
Some exception: Syntax error or access violation,
message from server: "You have an error in your SQL
syntax. Check the manual that corresponds to your
MySQL server version for the right syntax to use near
'? order by EmailDate desc limit 1' at line 1"
----------------------------------------------------
it seems that my second part of the 
ps=con.prepareStatement(query);
can't be executed, although the syntax is correct..
did i miss anything?

thanks a lot for helping.


--- Tiago Serafim <tserafim@stripped> wrote:

> Hi,
> 
> Here is a tip for you, try to make all your inserts
> statements
> declaring all the fields, like this:
> insert into tablename (field1, field2) values
> (value1, value2)
> 
> This will avoid lots of troubles when your table
> structure changes...
> 
> In Java, you should avoid to create raw querys,
> insted use a
> PreparedStatement, a PreparedStatement use yours
> mysql connector
> implemetation to put data in right format....
> 
> Here is a example how your code might look:
> 
> String sql = "INSERT userinfo (yourFieldNameHere)
> VALUES (?)";
> 
> PreparedStatement ps = conn.prepareStatement(sql); 
> 
> ps.setString(1, emailSubject);
> 
> ps.execute();
> 
> 
> Look the javadoc for all methods:
>
http://java.sun.com/j2se/1.4.2/docs/api/java/sql/PreparedStatement.html
> 
> Hope it helps you....
> 
> ps:sorry my bad english
> 
> Regards,
> 
> On Thu, 29 Jul 2004 19:47:10 -0700 (PDT), Cadbury
> <codename13th@stripped> wrote:
> > hi
> > 
> > i'm using Java to write a program that access
> mysql
> > database. here's a part of the java program source
> > code:
> > 
> >
>
---------------------------------------------------------
> > query = "insert into userinfo values ('" +
> > emailSubject + "');";
> > executeUpdate(query);
> >
>
---------------------------------------------------------
> > 
> > basically what the program does is it will insert
> an
> > incoming email's subject into a mysql table.
> > 
> > the problem occurs when the subject has the
> character
> > ' in it. For example if the subject is something
> like
> > :"You've got a mail",mysql will give an exception
> > which looks something like this:
> > 
> >
>
------------------------------------------------------
> > java.sql.SQLException: Syntax error or access
> > violation,  message from server: "
> > You have an error in your SQL syntax.  Check the
> > manual that corresponds to your MySQL server
> version
> > for the right syntax to use near 've got
> > 
> > ','Fri Jul 30 10:11:04 GMT+08:00 2004')' at line
> 1"
> >
>
------------------------------------------------------
> > from what I can see MySql treats the ' char as
> part of
> > mysql syntax. how can i overcome this problem? any
> > help are greatly appreciated.
> > 
> > Thanx.
> > 
> > __________________________________
> > Do you Yahoo!?
> > New and Improved Yahoo! Mail - 100MB free storage!
> > http://promotions.yahoo.com/new_mail
> > 
> > --
> > MySQL Windows Mailing List
> > For list archives: http://lists.mysql.com/win32
> > To unsubscribe:   
>
http://lists.mysql.com/win32?unsub=1
> > 
> > 
> 
> 
> -- 
> Tiago Serafim
> tserafim@stripped
> 
> -- 
> MySQL Windows Mailing List
> For list archives: http://lists.mysql.com/win32
> To unsubscribe:   
>
http://lists.mysql.com/win32?unsub=1
> 
> 



		
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail

Thread
• Using a Blob with the ByteFX data provider	Nick Randell	16 Jul
• RE: Using a Blob with the ByteFX data provider	Reggie Burnett	19 Jul
• RE: Using a Blob with the ByteFX data provider	Nick Randell	20 Jul
• Suggested settings for dual processor machine?	East Bay Technologies	20 Jul
• RE: Using a Blob with the ByteFX data provider	Reggie Burnett	20 Jul
• Should I use myISAM or InnoDB??	East Bay Technologies	21 Jul
• Should I use myISAM or InnoDB??	East Bay Technologies	23 Jul
• Suggested settings for dual processor machine?	East Bay Technologies	23 Jul
• RE: Should I use myISAM or InnoDB??	PF: MySQL	23 Jul
• Question about Insert Statement	Danny Willis	23 Jul
• Re: Question about Insert Statement	Tata Respecia	24 Jul
• Ignoring or filtering ' char	Cadbury	30 Jul
• Strange site error.	Danny Willis	30 Jul
• Re: Ignoring or filtering ' char	Tiago Serafim	30 Jul
• Re: Ignoring or filtering ' char	Cadbury	4 Aug
• Re: Ignoring or filtering ' char	Tiago Serafim	4 Aug
• Re: Ignoring or filtering ' char	Cadbury	5 Aug
• Re: Ignoring or filtering ' char	Petr Vileta	30 Jul
• Re: Ignoring or filtering ' char	Tiago Serafim	30 Jul
• Re: Question about Insert Statement	Randy Clamons	24 Jul