0

Hi, I'm doing a query in Java. I have Java and Postgres connected with the driver 9.3-1102-jdbc41.

This is my query: query = "SELECT * FROM" +"\"users\" "+ " where user="+"'"+name+"'"+"and pass =" +"'"+pass+"'";

when I run it, this error appears:

Relation "users name" doesn't exist

Here and on other sites, a possible solution is checking the quotes or the capital letters. But I'm sure about the capital letters, and this is what I tried:

query = "SELECT * FROM" +"\"users\" "+ " where user="+"'"+name+"'"+"and pass =" +"'"+pass+"'";

query = "SELECT * FROM users  where user="+"'"+name+"'"+"and pass =" +"'"+pass+"'";

query = "SELECT * FROM" +"\"sysmar.users\" "+ " where user="+"'"+name+"'"+"and pass =" +"'"+pass+"'";

Error relation users does not exist

"SELECT * FROM users  where user="+name+"and pass =" +pass;

syntax error near to pass

Thanks in advance for your answers and time

4
  • No space before and pass Commented Aug 6, 2014 at 11:42
  • In your first query there are blanks missing I think: query = "SELECT * FROM " +"\"users\" "+ " where user="+"'"+name+"'"+" and pass =" +"'"+pass+"'"; One blank after from and one before and pass Commented Aug 6, 2014 at 11:44
  • Try looking in the database with some tool first. That lists all tables for instance. First guess: you are in the wrong database scheme. Tools: NetBeans IDE, Toad e.a. Commented Aug 6, 2014 at 11:45
  • user is a reserved word in PostgreSQL and standard SQL. postgresql.org/docs/7.3/static/sql-keywords-appendix.html - P.S. What helps too, removing first a large part of the SQL, like the entire WHERE part. Commented Aug 6, 2014 at 11:49

3 Answers

1

try:

"SELECT * FROM users  where \"user\" ='"+name+"'and pass ='" +pass+"'";

But it's harmful for SQL injection. See PreparedStatements.


2 Comments

user is a reserved keyword and should be quoted.
Yep. Didn't notice. Edited @Cory
0

For PostgreSQL you shouldn't need to put quotes around the table name unless it's a reserved keyword. Users isn't a keyword, but user just so happens to be one of them.

Your query is hard enough to read with the extra concatenation operations and spacing issues. Perhaps there is a syntax error and you just need to clean it up:

q = "SELECT * FROM users WHERE \"user\" = '" + name + "' AND pass = '" + pass + "'";

You want the final evaluated string to look like (for example):

SELECT * FROM users WHERE "user" = 'cory' AND pass = '12345';

But as others have mentioned, you should also switch to using prepared statements. This code is probably vulnerable to SQL injection attacks.

5 Comments

@JuanCamiloMejia: Updated. You were trying to quote users but instead you should be quoting user.
I tried this query = "SELECT * FROM users where name="+"'"+name+"'"+" and pass=" +"'"+pass+"'"; and this query = "SELECT * FROM "+"'"+"users"+"'"+ "where name="+"'"+name+"'"+" and pass=" +"'"+pass+"'"; but nothing changes
But now you've changed your user column name to name. Which is it? Also, you don't need to quote your table or column names unless they are reserved words. The only one you had before was the column user.
I'm sorry for the mistake, now I tried "SELECT * FROM users where 'user'="+name+"and pass=" +pass; That shows syntax error near to pass. And I also tried this: "SELECT * FROM users where 'user'="+name+"and 'pass'=" +pass; But a relation error appears
Use the first one but keep the single quotes around the name and password values just like I have in my answer and double quotes around the column names. You want the final query to look something like SELECT * FROM users where "user" = 'cory' and pass = '12345'
0

You really shouldn't concatenate variables into SQL queries; you become vulnerable to SQL injection that way. You'd be better off using Prepared Statements, which will allow you to write queries in a more readable and secure fashion.

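Connection conn = DriverManager.getConnection(...);
// "user" is a reserved word in PostgreSQL, so the column name is double-quoted
String queryString = "SELECT * FROM users WHERE \"user\" = ? AND pass = ?";
PreparedStatement query = conn.prepareStatement(queryString);
// values are bound as parameters rather than concatenated into the SQL text
query.setString(1, name);
query.setString(2, password);
ResultSet result = query.executeQuery();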
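
The following is an added example, not part of any answer above. It puts the concatenated query from the question next to a parameterized one, using the users table and the user and pass columns from the question. The class and method names (LoginQuery, concatenated, quotesBalanced, credentialsMatch) and the sample values are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginQuery {
    // "user" is a reserved word in PostgreSQL; unquoted it evaluates to the
    // session's role name, so the column must be double-quoted.
    static final String SQL =
        "SELECT 1 FROM users WHERE \"user\" = ? AND pass = ?";

    // Concatenation as in the question (spacing and quoting fixed): the
    // values become part of the SQL text itself.
    static String concatenated(String name, String pass) {
        return "SELECT * FROM users WHERE \"user\" = '" + name
             + "' AND pass = '" + pass + "'";
    }

    // Counts single quotes; an odd count means a string literal is left open
    // and the statement no longer has the shape the developer wrote.
    static boolean quotesBalanced(String sql) {
        return sql.chars().filter(c -> c == '\'').count() % 2 == 0;
    }

    // Parameter binding: the values are passed as data and are never
    // spliced into the SQL text, so their content cannot change the query.
    static boolean credentialsMatch(Connection conn, String name, String pass)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, name);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // true if a matching row exists
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the second name contains an apostrophe.
        for (String name : new String[] {"cory", "O'Brien"}) {
            String sql = concatenated(name, "12345");
            System.out.println(sql + "   balanced=" + quotesBalanced(sql));
        }
        // credentialsMatch(conn, name, pass) needs a live PostgreSQL
        // connection and the users table from the question.
    }
}
```

The main method runs without a database and shows that an ordinary name containing an apostrophe already changes the shape of the concatenated statement, while credentialsMatch is unaffected by the content of its arguments.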
