4

I have to read the below SQL statement from one properties file.

update  scoreconfig  set scorestatus=0 where scoreversion=props.getProperty("scoreversion");

And the value for score version I have to take from another properties file.

But when I prepare a statement in a Java function as below:

final String query = strLine;
PreparedStatement ps=con.prepareStatement(query);

where query has

update  scoreconfig  set scorestatus=0 where scoreversion=props.getProperty("scoreversion");

But I get

Error: ORA-00911: invalid character

...when I do ps.execute();

5
  • 1
    Welcome to Stack Overflow! When you were asking your question, there was a [?] link above the question textbox and a How to Format box to the right of it, listing amongst other things how you mark up code to make it readable in the question. Well worth a read. I was about to fix it for you, but rsp beat me to it. :-) Commented Nov 20, 2011 at 10:00
  • 1
    @user829710 Welcome to StackOverflow! I recommend you to change your username. Commented Nov 20, 2011 at 10:02
  • 1
    @jmendeth: I think your edit goes a bit too far. (Just my opinion, others may differ.) rsp's looks fine other than putting the "where query =" bit in the code block. Commented Nov 20, 2011 at 10:11
  • I think the where query has = ... is not part of the Java code; the author wanted to say: In the above code, the query variable contains the previously read SQL (update scoreconfig set scorestatus ...). (This is why I replaced it with a comment.) Don't you think that? Commented Nov 20, 2011 at 10:17
  • @jmendeth: I do indeed, that's why I said that about rsp's version. I've updated it now that the pending edit is gone. Commented Nov 20, 2011 at 16:56

1 Answer 1

5

I assume props is a Properties instance or similar. If so, the props.getProperty("scoreversion") part is meant to happen at the Java layer, not in the database. Instead:

String sql = "update scoreconfig set scorestatus=0 where scoreversion=?";
PreparedStatement ps = con.prepareStatement(sql);
// If scoreversion is a String:
ps.setString(1, props.getProperty("scoreversion"));
// An UPDATE returns a row count, not a ResultSet, so use executeUpdate():
int rows = ps.executeUpdate();

...or if scoreversion is an int, use this instead of the setString line:

// If scoreversion is an int:
ps.setInt(1, Integer.parseInt(props.getProperty("scoreversion")));

...etc., convert as appropriate.

Basically, when you use prepareStatement, you use ? where parameters should go, and then you use setXyz on the PreparedStatement instance to set those parameters. (Oddly, they start with 1, not 0.) Note that even when the parameter is a String, you don't put quotes around it in the SQL you pass into prepareStatement; that's handled for you (along with properly escaping that string to prevent SQL injection, so PreparedStatement and setXyz are your friends, you'll get to know them well).
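The approach from this answer applied to the question's setup, as an added example that is not part of the original answer: the SQL text, with a ? placeholder, comes from one properties file and the value to bind comes from another. The key name deactivate.sql, the class and method names, the sample value 2.1 and the command-line connection arguments are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Properties;

public class ScoreConfigUpdate {

    // Loads key=value text; stands in for reading the two .properties files from disk.
    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Runs the SQL template from sqlProps with the value from valueProps bound as a parameter.
    // "deactivate.sql" is a hypothetical key name chosen for this example.
    static int deactivate(Connection con, Properties sqlProps, Properties valueProps)
            throws SQLException {
        String sql = sqlProps.getProperty("deactivate.sql");
        String version = valueProps.getProperty("scoreversion");
        if (sql == null || version == null) {
            throw new IllegalArgumentException("missing deactivate.sql or scoreversion");
        }
        sql = sql.trim();
        // Oracle's JDBC driver rejects a trailing ';' with ORA-00911, so drop it.
        if (sql.endsWith(";")) {
            sql = sql.substring(0, sql.length() - 1).trim();
        }
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, version);   // sent as data, never spliced into the SQL text
            return ps.executeUpdate();  // UPDATE returns a row count, not a ResultSet
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample contents of the two properties files.
        Properties sqlProps = load(
            "deactivate.sql=update scoreconfig set scorestatus=0 where scoreversion=?;\n");
        Properties valueProps = load("scoreversion=2.1\n");
        // args: JDBC URL, user, password for a database that has the scoreconfig table.
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            System.out.println(deactivate(con, sqlProps, valueProps) + " row(s) updated");
        }
    }
}
```

Because the properties file stores only the statement shape, whatever string ends up in scoreversion is compared against the column as a value and cannot change the structure of the UPDATE.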
