Solved

Connectivity: Oracle

Posted on 2004-10-27
Last Modified: 2010-08-05
I've written this code, and I get an error I've got no clue about how to deal with.

I'm getting:
ORA-00911: invalid character

--- Code ---
private void execQuery(int brukertype, String user, String passw)
(...)
            if (brukertype == 2) {
                  btype = "A";
                  try {
                        stmt = con.createStatement();
                        rs = stmt.executeQuery(
                              "SELECT brukernavn" +
                              " FROM pj301brukere" +
                              " WHERE brukernavn = " + user +
                              " AND passord = " + passw +
                              " AND brukertype = " + btype + ";");
                        AdminMeny app2 = new AdminMeny();
                        rs.close();
                        stmt.close();
                  } catch (SQLException e) {
                        JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                        JOptionPane.showMessageDialog(null, e);
                  } // end try/catch
            } // end if
--- End Code ---
0
Question by:Gaute Rønningen
23 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 12421233
You should be quoting your Strings
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 12421244
>>" WHERE brukernavn = " + user +

should be

" WHERE brukernavn = '" + user + "'" +

etc.

0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421246
Looks like your user or passw contains strange/invalid characters.
Can you print them out?
0
 
LVL 13

Expert Comment

by:petmagdy
ID: 12421262

In your SQL statement, for String values a quote (') is required around the value of the String. Change the SQL statement to:


                        "SELECT brukernavn" +
                         " FROM pj301brukere" +
                         " WHERE brukernavn = ' " + user +
                         "' AND passord = '" + passw +
                         "' AND brukertype = " + btype + ";");

I added the single quotes
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421276
CEHJ is certainly right.
Also, I don't think you need the " ; " at the end.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 12421302
>>AND passord =

shouldn't that be 'password'?
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421304
...or you could use a Prepared statement

PreparedStatement pstmt = con.prepareStatement(""SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
pstmt.setString(1, user);
pstmt.setString(2, passw);
pstmt.setString(3, bType);

PS. petmagdy forgot to quote btype
0
 
LVL 37

Accepted Solution

by:
zzynx earned 500 total points
ID: 12421317
Typo (no double quotes at the beginning of course):

PreparedStatement pstmt = con.prepareStatement("SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12421321
You should really be using PreparedStatements too...

          PreparedStatement stmt = null ;
(...)
          if (brukertype == 2) {
               btype = "A";
               try {
                    stmt = con.prepareStatement( "SELECT brukernavn" +
                                                                     " FROM pj301brukere" +
                                                                     " WHERE brukernavn=? " +
                                                                           " AND passord=? " +
                                                                           " AND brukertype=?" );
                    stmt.setString( 1, user ) ;
                    stmt.setString( 2, passw ) ;
                    stmt.setString( 3, btype ) ;
                    rslt = stmt.executeQuery() ;
                    AdminMeny app2 = new AdminMeny();
                    rs.close();
                    stmt.close();
               } catch (SQLException e) {
                    JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                    JOptionPane.showMessageDialog(null, e);
               } // end try/catch
          } // end if
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12421323
bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421327
...and

    bType

should be

    btype

obviously
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421333
>> bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
:)
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12421366
and

                    rslt = stmt.executeQuery() ;

should be

                    rs = stmt.executeQuery() ;

in my example ;-)
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 12421382
PreparedStatements are actually not invariably the thing to do merely to ensure correct quoting. They have an overhead, which will mean that they will be less efficient if not used in a proper way
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12421403
yeah, but they will prevent the huge errors he's going to get when someone puts a single quote into their username or password...
0
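An added example, not code from any poster in this thread: the quoted-concatenation fix and the PreparedStatement fix side by side, using the table and column names from the question. `LoginCheck`, `quoted`, `isAdmin` and `LOGIN_SQL` are hypothetical names and the sample user name and password are constructed; unlike the snippets above, `isAdmin` reports success only when `rs.next()` finds a row.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    // The quoted-concatenation form suggested earlier in the thread, kept
    // only to show the SQL text that the driver would send to Oracle.
    static String quoted(String user, String passw, String btype) {
        return "SELECT brukernavn FROM pj301brukere"
             + " WHERE brukernavn = '" + user + "'"
             + " AND passord = '" + passw + "'"
             + " AND brukertype = '" + btype + "'";
    }

    // Placeholders only: the values never become part of the SQL text.
    // No trailing ';' (Oracle rejects it over JDBC with ORA-00911).
    static final String LOGIN_SQL =
          "SELECT brukernavn FROM pj301brukere"
        + " WHERE brukernavn = ? AND passord = ? AND brukertype = ?";

    // True only if a row matches all three values. Needs a live Connection.
    static boolean isAdmin(Connection con, String user, String passw)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, user);
            ps.setString(2, passw);
            ps.setString(3, "A");
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // no row means wrong user name or password
            }
        } // statement and result set are closed here, even on an exception
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary name containing an apostrophe.
        // The printed statement has an unbalanced quote after "O", so Oracle
        // would fail to parse it; LOGIN_SQL is unaffected by the value.
        System.out.println(quoted("O'Brien", "hemmelig", "A"));
        System.out.println(LOGIN_SQL);
    }
}
```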
 

Author Comment

by:Gaute Rønningen
ID: 12421418
E-mail got EE spammed...

Thank you, :-D
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12421421
Bah!  Curse you zzynx and your faster, shorter answers! :-(

;-)
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 12421437
PrepS probably better here, yes
0
 

Author Comment

by:Gaute Rønningen
ID: 12421449
>> >>AND passord =
>>
>> shouldn't that be 'password'?

Norwegian... ;-)
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421463
Thanks for accepting.

>> E-mail got EE spammed...
:°)

>> Curse you zzynx and your faster, shorter answers!
Sorry Tim ;°)
0
 

Author Comment

by:Gaute Rønningen
ID: 12421510
Another thing; the:

 AdminMeny app2 = new AdminMeny();

Should be able to open a new frame, right?
Well... it doesn't, and yea it's completed...


0
 

Author Comment

by:Gaute Rønningen
ID: 12421548
Creating new question... heh...
0
 
LVL 37

Expert Comment

by:zzynx
ID: 12421618
>> Should be able to open a new frame, right?
Can't say without seeing the code for AdminMeny()

>>Creating new question... heh...
Yeah, that's better indeed.
0


Question has a verified solution.
