Solved

Connectivity: Oracle

Posted on 2004-10-27
193 Views
Last Modified: 2010-08-05
I've written this code, and I get an error I've got no clue about how to deal with.

I'm getting:
ORA-00911: invalid character

--- Code ---
private void execQuery(int brukertype, String user, String passw)
(...)
            if (brukertype == 2) {
                  btype = "A";
                  try {
                        stmt = con.createStatement();
                        rs = stmt.executeQuery(
                              "SELECT brukernavn" +
                              " FROM pj301brukere" +
                              " WHERE brukernavn = " + user +
                              " AND passord = " + passw +
                              " AND brukertype = " + btype + ";");
                        AdminMeny app2 = new AdminMeny();
                        rs.close();
                        stmt.close();
                  } catch (SQLException e) {
                        JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                        JOptionPane.showMessageDialog(null, e);
                  } // end try/catch
            } // end if
--- End Code ---
0
Question by:Gaute Rønningen
    23 Comments
     
    LVL 86

    Expert Comment

    by:CEHJ
    You should be quoting your Strings
    0
     
    LVL 86

    Expert Comment

    by:CEHJ
    >>" WHERE brukernavn = " + user +

    should be

    " WHERE brukernavn = '" + user + "'" +

    etc.

    0
     
    LVL 37

    Expert Comment

    by:zzynx
    looks your user or passw contains strange/invalid characters.
    Can you print them out?
    0
     
    LVL 13

    Expert Comment

    by:petmagdy

    in ur SQL statment for String values a quate (') is required arround the value of String change the SQL statment to:


                            "SELECT brukernavn" +
                             " FROM pj301brukere" +
                             " WHERE brukernavn = ' " + user +
                             "' AND passord = '" + passw +
                             "' AND brukertype = " + btype + ";");

    I added the single quates
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    CEHJ is certainly right.
    Also, I don't think you need the " ; " at the end.
    0
     
    LVL 86

    Expert Comment

    by:CEHJ
    >>AND passord =

    shouldn't that be 'password'?
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    ...or you could use a Prepared statement

    PreparedStatement pstmt = con.prepareStatement(""SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
    pstmt.setString(1, user);
    pstmt.setString(2, passw);
    pstmt.setString(3, bType);

    PS. petmagdy forgot to quote btype
    0
     
    LVL 37

    Accepted Solution

    by:
    Typo (no double quotes at the beginning of course):

    PreparedStatement pstmt = con.prepareStatement("SELECT brukernavn FROM pj301brukere WHERE brukernavn = ? AND passord = ? AND brukertype = ?");
    0
     
    LVL 35

    Expert Comment

    by:TimYates
    You should really be using PreparedStatements too...

              PreparedStatement stmt = null ;
    (...)
              if (brukertype == 2) {
                   btype = "A";
                   try {
                        stmt = con.prepareStatement( "SELECT brukernavn" +
                                                                         " FROM pj301brukere" +
                                                                         " WHERE brukernavn=? " +
                                                                               " AND passord=? " +
                                                                               " AND brukertype=?" );
                        stmt.setString( 1, user ) ;
                        stmt.setString( 2, passw ) ;
                        stmt.setString( 3, btype ) ;
                        rslt = stmt.executeQuery() ;
                        AdminMeny app2 = new AdminMeny();
                        rs.close();
                        stmt.close();
                   } catch (SQLException e) {
                        JOptionPane.showMessageDialog(null, "Feil brukernavn/passord");
                        JOptionPane.showMessageDialog(null, e);
                   } // end try/catch
              } // end if
    0
     
    LVL 35

    Expert Comment

    by:TimYates
    bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    ...and

        bType

    should be

        btype

    obviously
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    >> bah...zzynx beat me ;-)  too much bloody typing on my part ;-)
    :)
    0
     
    LVL 35

    Expert Comment

    by:TimYates
    and

                        rslt = stmt.executeQuery() ;

    should be

                        rs = stmt.executeQuery() ;

    in my example ;-)
    0
     
    LVL 86

    Expert Comment

    by:CEHJ
    PreparedStatements are actually not invariably the thing to do merely to ensure correct quoting. They have an overhead, which will mean that they will be less efficient if not used in a proper way
    0
     
    LVL 35

    Expert Comment

    by:TimYates
    yeah, but they will prevent the huge errors he's going to get when someone puts a single quote into their username or password...
    0
     

    Author Comment

    by:Gaute Rønningen
    E-mail got EE spammed...

    Thank you, :-D
    0
     
    LVL 35

    Expert Comment

    by:TimYates
    Bah!  Curse you zzynx and your faster, shorter answers! :-(

    ;-)
    0
     
    LVL 86

    Expert Comment

    by:CEHJ
    PrepS probably better here, yes
    0
     

    Author Comment

    by:Gaute Rønningen
    >> >>AND passord =
    >>
    >> shouldn't that be 'password'?

    Norwegian... ;-)
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    Thanks for accepting.

    >> E-mail got EE spammed...
    :°)

    >> Curse you zzynx and your faster, shorter answers!
    Sorry Tim ;°)
    0
     

    Author Comment

    by:Gaute Rønningen
    Another thing; the:

     AdminMeny app2 = new AdminMeny();

    Should be able open a new frame, right?
    Well... it doesn't, and yea it's completed...


    0
     

    Author Comment

    by:Gaute Rønningen
    Creating new question... heh...
    0
     
    LVL 37

    Expert Comment

    by:zzynx
    >> Should be able open a new frame, right?
    Can't say without the seeing the code for AdminMeny()

    >>Creating new question... heh...
    Yeah, that's better indeed.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
    Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
    Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
    This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now