From: Date: August 4 2004 12:52pm Subject: Re: Ignoring or filtering ' char List-Archive: http://lists.mysql.com/win32/15335 Message-Id: <20040804105240.64927.qmail@web60208.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii gee,thank god,thanx tiago for helping...i'm sorry for the late reply.. it does solve my problem..however one problem occured when i try to use the preparedstatement twice.. here's what i mean..before that here's a part of my source code. ---------------------------------------------------- query = "select status from userinfo where UserEmail=? and password =?;"; PreparedStatement ps = con.prepareStatement(query); ps.setString(1,UserLogin); ps.setString(2,UserPassword); rs = ps.executeQuery(); while (rs.next()){ st = rs.getString("status"); } query = "select * from emaildata where UserEmail =? order by EmailDate desc limit 1;"; ps=con.prepareStatement(query); ps.setString(1,UserLogin); rs = ps.executeQuery(query); ---------------------------------------------------- the error msg below will appear: ---------------------------------------------------- Some exception: Syntax error or access violation, message from server: "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '? order by EmailDate desc limit 1' at line 1" ---------------------------------------------------- it seems that my second part of the ps=con.prepareStatement(query); can't be executed, although the syntax is correct.. did i miss anything? thanks a lot for helping. --- Tiago Serafim wrote: > Hi, > > Here is a tip for you, try to make all your inserts > statements > declaring all the fields, like this: > insert into tablename (field1, field2) values > (value1, value2) > > This will avoid lots of troubles when your table > structure changes... > > In Java, you should avoid to create raw querys, > insted use a > PreparedStatement, a PreparedStatement use yours > mysql connector > implemetation to put data in right format.... > > Here is a example how your code might look: > > String sql = "INSERT userinfo (yourFieldNameHere) > VALUES (?)"; > > PreparedStatement ps = conn.prepareStatement(sql); > > ps.setString(1, emailSubject); > > ps.execute(); > > > Look the javadoc for all methods: > http://java.sun.com/j2se/1.4.2/docs/api/java/sql/PreparedStatement.html > > Hope it helps you.... > > ps:sorry my bad english > > Regards, > > On Thu, 29 Jul 2004 19:47:10 -0700 (PDT), Cadbury > wrote: > > hi > > > > i'm using Java to write a program that access > mysql > > database. here's a part of the java program source > > code: > > > > > --------------------------------------------------------- > > query = "insert into userinfo values ('" + > > emailSubject + "');"; > > executeUpdate(query); > > > --------------------------------------------------------- > > > > basically what the program does is it will insert > an > > incoming email's subject into a mysql table. > > > > the problem occurs when the subject has the > character > > ' in it. For example if the subject is something > like > > :"You've got a mail",mysql will give an exception > > which looks something like this: > > > > > ------------------------------------------------------ > > java.sql.SQLException: Syntax error or access > > violation, message from server: " > > You have an error in your SQL syntax. Check the > > manual that corresponds to your MySQL server > version > > for the right syntax to use near 've got > > > > ','Fri Jul 30 10:11:04 GMT+08:00 2004')' at line > 1" > > > ------------------------------------------------------ > > from what I can see MySql treats the ' char as > part of > > mysql syntax. how can i overcome this problem? any > > help are greatly appreciated. > > > > Thanx. > > > > __________________________________ > > Do you Yahoo!? > > New and Improved Yahoo! Mail - 100MB free storage! > > http://promotions.yahoo.com/new_mail > > > > -- > > MySQL Windows Mailing List > > For list archives: http://lists.mysql.com/win32 > > To unsubscribe: > http://lists.mysql.com/win32?unsub=tserafim@stripped > > > > > > > -- > Tiago Serafim > tserafim@stripped > > -- > MySQL Windows Mailing List > For list archives: http://lists.mysql.com/win32 > To unsubscribe: > http://lists.mysql.com/win32?unsub=codename13th@stripped > > __________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail