I'm trying to insert some values into my table which is created of executing this query
public static final String tableName = "ACCOUNT_TABLE";
statement.executeUpdate("CREATE TABLE "+ tableName +" (" +
" ID INTEGER NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY ("+
" START WITH 1, INCREMENT BY 1), username VARCHAR(15), password VARCHAR(100)" + ")");
after that when table were created successfully, I'm calling register method to insert user into table
public boolean registerAccount(final User user){
if (statement != null){
final String userName = user.getUserName();
final String password = user.getPassword();
try {
return statement.execute("INSERT INTO "+tableName +" VALUES (" + userName +"," + password +")");
} catch (SQLException e) {
e.printStackTrace();
}
}
return false;
}
at this example userName == "TEST" and password == "123"
here
return statement.execute("INSERT INTO "+tableName+" VALUES (" + userName +"," + password +")");
throws exception
java.sql.SQLSyntaxErrorException: Column 'TEST' is either not in any table in the FROM list or appears within a join specification and is outside the scope of the join specification or appears in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE statement then 'TEST' is not a column in the target table.
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.ConnectionChild.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
'username'
so your query should look like this statement.execute("INSERT INTO "+tableName +" VALUES ('" + userName +"','" + password +"')");
But this is not secure, to avoid any Syntax error or SQL Inject, you have to use PreparedStatement instead.
about this error java.sql.SQLSyntaxErrorException
this happen because you don't specify which columns you want to insert in your query, so it should look like this :
INSERT INTO tableName(username_col, password_col) VALUES ('userName', 'password') //-----------------------^-------------^----------------------^-----------^
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With