Here is my query
result = s.executeUpdate("INSERT INTO order " + "VALUES ('" + id.getText() + "','" + name.getText() + "', '" + code.getText() + "','" + price.getText() + "')");
I am getting this exception:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'order VALUES
(('1'),('1'),( '1'),('1')' at line 1
Order is a reserved word -- I wouldn't use it as a table name, but if you are stuck with it, just put backticks around it: INSERT INTO `order` ...
You need to use backticks for reserved keywords,
result = s.executeUpdate("INSERT INTO `order` " + "VALUES ('" + id.getText() + "','" + name.getText() + "', '" + code.getText() + "','" + price.getText() + "')");
Also, your code is prone to SQL injection, so you need to work on that as well. My suggestion is to use a prepared statement to avoid SQL injection.
Also a good read: Preventing SQL Injection in Java
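The prepared-statement fix suggested above, as an added example that is not part of the original answer. The class name OrderInsert, the insertOrder helper, the column types (INT, VARCHAR, VARCHAR, DECIMAL) and the sample values are assumptions; the table name and the four-value insert come from the question.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class OrderInsert {
    // `order` is a MySQL reserved word, so it stays in backticks.
    // The four values are bound as parameters and never concatenated into the SQL text.
    private static final String INSERT_SQL = "INSERT INTO `order` VALUES (?, ?, ?, ?)";

    /**
     * Inserts one row from raw text-field values (id.getText(), name.getText(), ...).
     * Assumed column types: INT, VARCHAR, VARCHAR, DECIMAL.
     * A non-numeric id or price throws NumberFormatException before any SQL is sent.
     */
    static int insertOrder(Connection conn, String id, String name,
                           String code, String price) throws SQLException {
        int orderId = Integer.parseInt(id.trim());
        BigDecimal orderPrice = new BigDecimal(price.trim());
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setInt(1, orderId);
            ps.setString(2, name);   // quotes in the value are data, not SQL syntax
            ps.setString(3, code);
            ps.setBigDecimal(4, orderPrice);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Usage: java OrderInsert <jdbc-url> <user> <password>
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample input: the apostrophe would break the concatenated query.
            int rows = insertOrder(conn, "1", "O'Brien", "A1", "9.99");
            System.out.println(rows + " row(s) inserted");
        }
    }
}
```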
Ensure that none of your getters are sending characters that may cause the query to be syntactically incorrect.
If your getter is returning a reserved character like the following:
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
Then the statement will not function as intended.
This is why sanitation of inputs is important for any statement.
See more on allowed unencoded in query strings:
http://www.456bereastreet.com/archive/201008/what_characters_are_allowed_unencoded_in_query_strings/
Related
I was trying this expression but am still getting an error:
((DT_STR,4000,1252)(LEFT(TOKEN([Date] ,"/",1),4) + "-" + RIGHT("0" + TOKEN([Date] ,"/",2),2) + "-" + RIGHT("0" + TOKEN([Date] ,"/",3),2) + " " ++ " " + TOKEN([Date] ,":",4)+ "-" + RIGHT("0" + TOKEN([Date] ,":",5),2) + "-" + RIGHT("0" + TOKEN([Date] ,":",6),2)))
Personally, I would use a script task. This assumes your string will always Parse to a DateTime. If not, look into TryParse().
Also, ParseExact() is even better but you didn't provide an example.
DateTime dt = DateTime.Parse(yourDateString); // yourDateString: the incoming date text
string dtFormatted = dt.ToString("yyyy-MM-dd hh:mm:ss");
I will add one more caveat. You should probably treat this as a date and only format the date on the presentation layer.
I'm trying to create a Query based on an evaluation of an empty field.
Item: [Huis] & IIf(IsNull([Naam]), "", " / " & [Naam]) & IIf(IsNull([Druif]), "", " / " & [Druif]) & iif(IsNull([Type]), "", " / " & [Type])
It gives me a syntax error: Missing an operand or operator, you have entered an invalid character or comma or you have not enclosed the text in the expression in quotation marks.
I have tried other examples that are supposed to work here on Stack Overflow; they all give the same error. What am I doing wrong?
I don't see an error either, but you can simplify your expression by taking advantage of the fact that & concatenates NULL values, but + doesn't.
Item: [Huis] & (" / " + [Naam]) & (" / " + [Druif]) & (" / " + [Type])
Each block, e.g. (" / " + [Naam]) will be NULL if the field is NULL.
I have a report which has 6 parameters within it. What I would like to do is make these parameters part of my report heading. My parameters are as follows:
#BMDataType1 Text
#BMDataComp1 Float
#BMDataType2 Text
#BMDataComp2 Float
#BMDataType3 Text
#BMDataComp3 Float
There will always be an #BMDataType1 and #BMDataComp1 parameter passed, the others can be null. What I need the heading to look like is if only #BMDataType1 and #BMdataComp1 are passed then the heading should be for example:
Benchmark1 100% Benchmark Constituents
So far I have coded for this below:
=Parameters!BMDataType1.Value + " " + Parameters!BMDataComp1.Value.ToString + "%" + " Benchmark Constituents"
However if #BMDataType2 and #BMDataComp2 are populated then I need the heading to look like this:
Benchmark1 50% Benchmark2 50% Benchmark Constituents
Same for if 3 are passed then:
Benchmark1 50% Benchmark2 30% Benchmark3 20% Benchmark Constituents
There will never be say a Benchmark 1 and Benchmark 3. It will only be ever 1, or 1 and 2 or 1, 2 and 3.
Can someone point me in the right direction of how to write the IIF statement for this checking to see if Benchmark2 and Benchmark3 parameters are NULL?
Thanks
EDIT:
After some work on this I came up with the following code, but I'm still getting:
"Object reference not set to an instance of an object"
My code is the following:
=IIF(
IIF(IsNothing(Parameters!BMDataType1.Value),1,0)=0 AND IIF(IsNothing(Parameters!BMDataType2.Value),1,0)=1 AND IIF(IsNothing(Parameters!BMDataType3.Value),1,0)=1
, Parameters!BMDataType1.Value + " " + Parameters!BMDataComp1.Value.ToString + "%" + " Benchmark Constituents"
, IIF(
IIF(IsNothing(Parameters!BMDataType1.Value),1,0)=0 AND IIF(IsNothing(Parameters!BMDataType2.Value),1,0)=0 AND IIF(IsNothing(Parameters!BMDataType3.Value),1,0)=1
, Parameters!BMDataType1.Value + " " + Parameters!BMDataComp1.Value.ToString + "%" + " " + Parameters!BMDataType2.Value + " " + Parameters!BMDataComp2.Value.ToString + "%" + " Benchmark Constituents"
, IIF(
IIF(IsNothing(Parameters!BMDataType1.Value),1,0)=0 AND IIF(IsNothing(Parameters!BMDataType2.Value),1,0)=0 AND IIF(IsNothing(Parameters!BMDataType3.Value),1,0)=0
, Parameters!BMDataType1.Value + " " + Parameters!BMDataComp1.Value.ToString + "%" + " " + Parameters!BMDataType2.Value + " " + Parameters!BMDataComp2.Value.ToString + "%" + " " + Parameters!BMDataType3.Value + " " + Parameters!BMDataComp3.Value.ToString + "%" + " Benchmark Constituents"
, " ")))
However if all 3 parameters are not null it returns no error and it populates the heading as I would like it displayed. How can this be?
I have not been using SSRS since May, but string concatenation in SSRS uses VB syntax. So instead of concatenating strings with a + sign, you have to use the & sign.
=Parameters!BMDataType1.Value & " " & Parameters!BMDataComp1.Value.ToString & "%" & " Benchmark Constituents"
I found the solution to this and my code is below:
=Parameters!BMDataType1.Value + " " + CStr(Parameters!BMDataComp1.Value) + "% "
+ IIF(IIF(IsNothing(Parameters!BMDataType2.Value),1,0)=0,Parameters!BMDataType2.Value + " " + CStr(Parameters!BMDataComp2.Value)+"%","") + " "
+ IIF(IIF(IsNothing(Parameters!BMDataType3.Value),1,0)=0,Parameters!BMDataType3.Value + " " + CStr(Parameters!BMDataComp3.Value)+"%","") + " Benchmark Constituents"
For whatever reason it was not liking the .ToString, which was returning "Object reference not set to an instance of an object". By wrapping this in CStr I was able to remove the error and get the solution I required.
Thanks for all the responses, they all helped.
Something like this should work for you:
=Parameters!BMDataType1.Value + " " + Parameters!BMDataComp1.Value.ToString + "%" + IIf(IsNothing(Parameters!BMDataType3.Value) OR IsNothing(Parameters!BMDataComp3.Value), IIf(IsNothing(Parameters!BMDataType2.Value) OR IsNothing(Parameters!BMDataComp2.Value), " Benchmark Constituents", " " + Parameters!BMDataType2.Value + " " + Parameters!BMDataComp2.Value.ToString + "%" + " Benchmark Constituents"), " " + Parameters!BMDataType2.Value + " " + Parameters!BMDataComp2.Value.ToString + "%" + " " + Parameters!BMDataType3.Value + " " + Parameters!BMDataComp3.Value.ToString + "%" + " Benchmark Constituents")
I am trying to filter a datagridview by the ID number. It keeps throwing an error ('Missing operand before 'Like' operator').
I keep getting this error only when filtering by a table ID column. It works fine if I filter by ('First_Name') or anything else but will not let me filter by ID. Any ideas?
Me.WelderNamesTableAdapter.FillBy(MacroQualityDataSet.welderNames)
Me.WelderNamesBindingSource.Filter = ("CONVERT(welderID, System.String) + [welderID] + LIKE + '%" & welderIDtxtbx.Text & "%'")
The + is not helping you here; if welderID is a number, that will not work.
This might:
Me.WelderNamesTableAdapter.FillBy(MacroQualityDataSet.welderNames)
' Filter expression syntax is CONVERT(expression, 'type'), with no + around LIKE
Me.WelderNamesBindingSource.Filter = ("CONVERT(welderID, 'System.String') LIKE '%" & welderIDtxtbx.Text & "%'")
I don't know what's wrong with this expression. This expression always returns #Error. How do I solve this?
=MonthName(datepart("M",format(Fields!date.Value,"yyyy-MM-dd"))) + " " + datepart("yyyy",format(Fields!date.Value,"yyyy-MM-dd"))
The expression works fine with just =MonthName(datepart("M",format(Fields!date.Value,"yyyy-MM-dd"))), but when + " " + datepart("yyyy",format(Fields!date.Value,"yyyy-MM-dd")) is added it becomes an error. Curious.
Use & instead of + to concatenate strings in SSRS expressions - Operators in Expressions (Report Builder and SSRS)
=MonthName(datepart("M",format(Fields!date.Value,"yyyy-MM-dd"))) & " " & datepart("yyyy",format(Fields!date.Value,"yyyy-MM-dd"))
Try ===>
=MonthName(datepart("m",format(Fields!date.Value,"yyyy-MM-dd"))) + " " + datepart("y",format(Fields!date.Value,"yyyy-MM-dd"))