• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Connectivity: Oracle

I've written this code, and I get an error I've got no clue about how to deal with.

I'm getting:
ORA-00911: invalid character

--- Code ---
private void execQuery(int brukertype, String user, String passw)
(...)
            if (brukertype == 2) {
                  btype = "A";
                  try {
                        stmt = con.createStatement();
                        rs = stmt.executeQuery(
                              "SELECT brukernavn" +
                              " FROM pj301brukere" +
                              " WHERE brukernavn = " + user +
                              " AND passord = " + passw +
                              " AND brukertype = " + btype + ";");
                        AdminMeny app2 = new AdminMeny();
                        rs.close();
                        stmt.close();
                  } catch (SQLException e) {
                        JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                        JOptionPane.showMessageDialog(null, e);
                  } // end try/catch
            } // end if
--- End Code ---
0
Gaute Rønningen
Asked:
Gaute Rønningen
  • 8
  • 5
  • 5
  • +2
1 Solution
 
CEHJCommented:
You should be quoting your Strings
0
 
CEHJCommented:
>>" WHERE brukernavn = " + user +

should be

" WHERE brukernavn = '" + user + "'" +

etc.

0
 
zzynxSoftware engineerCommented:
looks your user or passw contains strange/invalid characters.
Can you print them out?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
petmagdyCommented:

in ur SQL statment for String values a quate (') is required arround the value of String change the SQL statment to:


                        "SELECT brukernavn" +
                         " FROM pj301brukere" +
                         " WHERE brukernavn = ' " + user +
                         "' AND passord = '" + passw +
                         "' AND brukertype = " + btype + ";");

I added the single quates
0
 
zzynxSoftware engineerCommented:
CEHJ is certainly right.
Also, I don't think you need the " ; " at the end.
0
 
CEHJCommented:
>>AND passord =

shouldn't that be 'password'?
0
 
zzynxSoftware engineerCommented:
...or you could use a Prepared statement

PreparedStatement pstmt = con.prepareStatement(""SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
pstmt.setString(1, user);
pstmt.setString(2, passw);
pstmt.setString(3, bType);

PS. petmagdy forgot to quote btype
0
 
zzynxSoftware engineerCommented:
Typo (no double quotes at the beginning of course):

PreparedStatement pstmt = con.prepareStatement("SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
0
 
TimYatesCommented:
You should really be using PreparedStatements too...

          PreparedStatement stmt = null ;
(...)
          if (brukertype == 2) {
               btype = "A";
               try {
                    stmt = con.prepareStatement( "SELECT brukernavn" +
                                                                     " FROM pj301brukere" +
                                                                     " WHERE brukernavn=? " +
                                                                           " AND passord=? " +
                                                                           " AND brukertype=?" );
                    stmt.setString( 1, user ) ;
                    stmt.setString( 2, passw ) ;
                    stmt.setString( 3, btype ) ;
                    rslt = stmt.executeQuery() ;
                    AdminMeny app2 = new AdminMeny();
                    rs.close();
                    stmt.close();
               } catch (SQLException e) {
                    JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                    JOptionPane.showMessageDialog(null, e);
               } // end try/catch
          } // end if
0
 
TimYatesCommented:
bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
0
 
zzynxSoftware engineerCommented:
...and

    bType

should be

    btype

obviously
0
 
zzynxSoftware engineerCommented:
>> bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
:)
0
 
TimYatesCommented:
and

                    rslt = stmt.executeQuery() ;

should be

                    rs = stmt.executeQuery() ;

in my example ;-)
0
 
CEHJCommented:
PreparedStatements are actually not invariably the thing to do merely to ensure correct quoting. They have an overhead, which will mean that they will be less efficient if not used in a proper way
0
 
TimYatesCommented:
yeah, but they will prevent the huge errors he's going to get when someone puts a single quote into their username or password...
0
 
Gaute RønningenOwner, DeveloperAuthor Commented:
E-mail got EE spammed...

Thank you, :-D
0
 
TimYatesCommented:
Bah!  Curse you zzynx and your faster, shorter answers! :-(

;-)
0
 
CEHJCommented:
PrepS probably better here, yes
0
 
Gaute RønningenOwner, DeveloperAuthor Commented:
>> >>AND passord =
>>
>> shouldn't that be 'password'?

Norwegian... ;-)
0
 
zzynxSoftware engineerCommented:
Thanks for accepting.

>> E-mail got EE spammed...
:°)

>> Curse you zzynx and your faster, shorter answers!
Sorry Tim ;°)
0
 
Gaute RønningenOwner, DeveloperAuthor Commented:
Another thing; the:

 AdminMeny app2 = new AdminMeny();

Should be able open a new frame, right?
Well... it doesn't, and yea it's completed...


0
 
Gaute RønningenOwner, DeveloperAuthor Commented:
Creating new question... heh...
0
 
zzynxSoftware engineerCommented:
>> Should be able open a new frame, right?
Can't say without the seeing the code for AdminMeny()

>>Creating new question... heh...
Yeah, that's better indeed.
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 8
  • 5
  • 5
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now