This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
// Attempt to get 1 transaction
String sqlQuery = "INSERT INTO '" + this.crawlPageTableName
+ "' (url, status) VALUES (?, 'added')";
PreparedStatement prest = connect.prepareStatement(sqlQuery);
prest.setString(1, this.url);
System.out.println("Querying with: " + sqlQuery);
// Result set get the result of the SQL query
this.resultSet = prest.executeQuery();
I am really not getting what I am doing wrong here to get this error.
The output of printline is
Querying with: INSERT INTO 'crawlPage' (url, status) VALUES (?, 'added')
java.sql.SQLSyntaxErrorException: (conn=1877278) You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''crawlPage' (url, status) VALUES ('
I am really lost here as the same query from the printline works directly on the MariaDB server through phpMyAdmin.
I believe you shouldn't have any single quotes wrapping the table name:
String sqlQuery = "INSERT INTO " + this.crawlPageTableName
+ " (url, status) VALUES (?, 'added')";
Related
String query = "INSERT INTO `new_db2`(`name`, `price`, `add_date`, `image`) " + "VALUES ('"+name+"','"+p_price+"','"+date+"','"image"')";
I have a "';' expected" error in this SQL query. Please help me to solve this.
I don't know the language you are using (I suppose Java), but maybe you should write the statement like this:
String query = "INSERT INTO `new_db2`(`name`, `price`, `add_date`, `image`) " + "VALUES ('"+name+"','"+p_price+"','"+date+"','"+image+"')";
(lack of + before and after image)
I want to insert an SQL query string into my database, but I always get an error because of the single quotes ''. I can't just double them '''', because then I can't execute the SQL query which is stored in the SQL database. Here is an example:
"INSERT INTO selections(selection_name, selection_sql, selection_besitzer, selection_sichtbarkeit, selection_standardSelektion)"
+ "VALUES ('"
+ "TestName"+"', '"
+ "Select * From customer where customer_adressnummer like '%1%';"+"', '"
+ "Select all from customer where X"+"', '"
+ "private"+"', '"
+ "0"+"')");
My question is: How can I insert this query into my SQL database without changing the String?
After I insert it I want to read it with my program and then execute the query based on the String in my database.
Here's the error message:
com.mysql.jdbc.MysqlDataTruncation: Data truncation: Truncated incorrect DOUBLE value: 'Select * From customer where customer_adressnummer like '
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3374)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3308)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1837)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1961)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2543)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1737)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2022)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1940)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1925)
at toolhouseserver.ExecutionThread.run(ExecutionThread.java:114)
at java.lang.Thread.run(Thread.java:745)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Not surprisingly, the probability of encountering SQL injection issues is rather high when trying to use dynamic SQL to insert SQL strings into an SQL database. Save yourself the grief and just use a parameterized query, like this:
PreparedStatement ps = conn.prepareStatement(
"INSERT INTO selections (selection_name, selection_sql, selection_besitzer, selection_sichtbarkeit, selection_standardSelektion) " +
"VALUES (?,?,?,?,?)");
ps.setString(1, "TestName");
ps.setString(2, "Select * From customer where customer_adressnummer like '%1%';");
ps.setString(3, "Select all from customer where X");
ps.setString(4, "private");
ps.setString(5, "0");
ps.executeUpdate();
I am trying to insert data into a MySQL database:
$response = $client->fql->query(
query => '
SELECT name, email, birthday, username, first_name, last_name, pic
FROM user
WHERE uid = me()
',
);
print join "\n Name:", sort map { $_->{name} } @$response;
$dbh->do("
INSERT INTO Users(SNo,Name,Email,Birthday,UserName,FirstName,LastName)
VALUES(1,
sort map { $_->{name} } @$response,
'imm\@gmail.com',
'1987/12/10',
'imm',
'imm',
'Dee')
");
$dbh->disconnect();
Used the MySQL query in one line.
The above print statement is printing the name correctly, but why is the above SQL insert statement not working?
I connect to the DB, and after that I am receiving the value, and printing in the browser is working.
Why does the mysql statement not accept the value?
When inserting the database is not working?
You should have a look at the official doc, and especially this:
# INSERT some data into 'foo'. We are using $dbh->quote() for
# quoting the name.
$dbh->do("INSERT INTO foo VALUES (1, " . $dbh->quote("Tim") . ")");
# Same thing, but using placeholders
$dbh->do("INSERT INTO foo VALUES (?, ?)", undef, 2, "Jochen");
$query = "INSERT INTO $stats_table_name (name, name_ID, anz_aufruf) VALUES ($plan_name, $plan_nr, $anz)";
echo "<br />".$query."<br />";
if (!mysql_query($query) && !$error) {
die (mysql_error());
}
mysql-error tells me:
INSERT INTO 'p_stats' ('name', 'name_ID', 'anz_aufruf') VALUES ('Laptop 1', '1', '95')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''p_stats' ('name', 'name_ID', 'anz_aufruf') VALUES ('Laptop 1', '1', '95')' at line 1
Where is the code wrong here?
The error is the wrapping of single quotes around the table name.
Table names as well as column names are identifiers. They should be wrapped with backticks if a name is a reserved keyword (optional if not). Single quotes are for string literals.
MySQL - when to use single quotes, double quotes, and backticks?
Use this.
$query = "INSERT INTO $stats_table_name (name, name_ID, anz_aufruf)
VALUES ('".$plan_name."', '".$plan_nr."', '".$anz."')";
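Added example (not part of any answer above, and not the posters' code): the crawlPage question and the p_stats question both build the table name into the statement text, where a ? placeholder cannot be used. One way to handle that in Java is to check the name against an allow-list and backtick-quote it as an identifier, leaving every value as a placeholder. The class name, the allow-list contents and the sample inputs are assumptions constructed for illustration.

```java
import java.util.Set;

public class SafeInsertSql {
    // Assumption: constructed allow-list of tables this code may write to.
    private static final Set<String> ALLOWED_TABLES = Set.of("crawlPage", "p_stats");

    // Quote a MySQL/MariaDB identifier: backticks around it, embedded backticks doubled.
    static String quoteIdentifier(String name) {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return "`" + name.replace("`", "``") + "`";
    }

    // Build the INSERT text: identifiers are checked and quoted, values stay as ? markers.
    static String buildInsert(String table, String... columns) {
        if (table == null || !ALLOWED_TABLES.contains(table)) {
            throw new IllegalArgumentException("table not on allow-list: " + table);
        }
        if (columns.length == 0) {
            throw new IllegalArgumentException("at least one column is required");
        }
        StringBuilder cols = new StringBuilder();
        StringBuilder marks = new StringBuilder();
        for (String column : columns) {
            if (cols.length() > 0) {
                cols.append(", ");
                marks.append(", ");
            }
            cols.append(quoteIdentifier(column));
            marks.append('?');
        }
        return "INSERT INTO " + quoteIdentifier(table)
                + " (" + cols + ") VALUES (" + marks + ")";
    }

    public static void main(String[] args) {
        System.out.println(buildInsert("crawlPage", "url", "status"));
        System.out.println(buildInsert("p_stats", "name", "name_ID", "anz_aufruf"));
        System.out.println(quoteIdentifier("odd`name")); // constructed name with a backtick
        try {
            buildInsert("not_listed", "url"); // constructed name that is not on the list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // With a live java.sql.Connection named connect (assumed, not created here):
        //   PreparedStatement ps = connect.prepareStatement(buildInsert("crawlPage", "url", "status"));
        //   ps.setString(1, url); ps.setString(2, "added"); ps.executeUpdate();
    }
}
```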
I am trying to use the same SQL statement for the above three DBMSs, but the problem is that it has string concatenation involved, and there are different ways in each DBMS for the concatenation operation. I want a single operator. Need someone's help.
You can perhaps get around this in your application code by using a placeholder for concatenation in your sql statements, and then replacing it with the correct style for the rdbms you are using:
select {conpre} myfield1 {conmid} myfield2 {conmid} myfield3 {conend}
from mytable
Then in pseudo-code:
if rdbms is sqlserver
conpre = ""
conmid = " + "
conend = ""
else if rdbms is mysql
conpre = "concat("
conmid = ", "
conend = ")"
else if rdbms is oracle
conpre = ""
conmid = " || "
conend = ""
else if
' etc...
end if
stmt = replace(stmt, "{conpre}", conpre)
stmt = replace(stmt, "{conmid}", conmid)
stmt = replace(stmt, "{conend}", conend)
I'd avoid writing your own solution to the problem and use one of the multi-database tools already available. If you have come across this problem once you will come across it again soon.
I've no affiliation with the following but you could try Datanamic Multirun
The simple answer to the question seems to be no.
However...
What if you create the package dbo in Oracle?
Is it not also possible in mysql to create a function called concat in a separate database called dbo, so that a function is called using the syntax dbo.concat(a, b, c)?
Unfortunately, mysql doesn't support default parameters (unless recently changed) or function overloading, so you would have to create one function for each number of arguments:
concat2(s1, s2)
concat3(s1, s2, s3)
and so on.
There is a way of doing this using ODBC escape sequences
SELECT {fn concat (col1, {fn concat (col2, col3)})}
FROM YourTable
From my current understanding this will work fine in SQL Server and MySQL, but for Oracle it is dependent upon the connection method.
MySQL:
SELECT CONCAT('New ', 'York ', 'City');
Output is : New York City
Oracle:
SELECT 'The city' || ' is ' || 'Paris' FROM dual;
Output is : The city is Paris
SQL Server:
SELECT 'The city' + ' is ' + 'Paris';
Output is : The city is Paris
SELECT CONCAT('The city', ' is ', 'Paris');
Output is : The city is Paris