0

I'm getting this error while trying to run this code You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''And StatusMembership=Active' at line 1

public boolean checkLenderToIfExists(BorrowedBook borrowedBook) throws SQLException {
    try {
        Statement stmt = con.createStatement();
        ResultSet rs = stmt.executeQuery("SELECT * FROM library_students.student WHERE StudentID='"+ borrowedBook.getLenderTo()+"'And Permission=1"+"'And StatusMembership='Active'");
        if (!(rs.next())) {
            return false;
        }
        rs.close();
        return true;
    } catch (SQLException ex) {
        ex.printStackTrace();
        return false;
    }
Improve this question
5
  • 'And I think you'll need to remove that first ' there. Or you need one before the 1 Commented Jan 28, 2019 at 13:33
  • The error is telling you there's an error in your SQL code, not in the Java code which generates your SQL code. Start by looking at the runtime value of "SELECT * FROM library_students.student WHERE StudentID='"+ borrowedBook.getLenderTo()+"'And Permission=1"+"'And StatusMembership='Active'" when the error occurs. Commented Jan 28, 2019 at 13:33
  • To prevent more errors of this type and SQL injection, I suggest you use prepared statements Commented Jan 28, 2019 at 13:37
  • You should learn about prepared statements Commented Jan 28, 2019 at 13:39
  • No space in the query? Commented Jan 28, 2019 at 13:40

2 Answers 2

Reset to default
4

You're generating the next query : 

SELECT * FROM library_students.student WHERE StudentID='10'And 
Permission=1'And StatusMembership='Active'

Probably the error is because of extra single quotes ' in Permission=1'And

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

It might be happening because of the spacing in the query. Try the following format with PreparedStatement:

PreparedStatement preparedStatement = conn.prepareStatement("SELECT * FROM "
        + "library_students.student WHERE StudentID= ? "
        + "AND Permission=1 AND StatusMembership='Active'");
preparedStatement.setInt(1, borrowedBook.getLenderTo());
ResultSet rs = preparedStatement.executeQuery();

Also, here's some bonus reading on why you should use PreparedStatement in this case.

Improve this answer

6 Comments

Darshan I thought that would have been the issue, the missing spaces (hence my upvote), but well... check this DB Fiddle
@Cid have you tried copy pasting the above query in the console? I think it might be both spacing and the quotes. However, I suggested PreparedStatement solution to get rid of quotes and have a clean query.
Do you mean Naya's one?
I totally agree with you concerning the spaces and the prepared statements (too much people here don't care about it) but it looks like MySQL accept such statements StudentID='10'And Permission=1
@Cid Agreed, MySQL does accept such parameters. I have updated my answer.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.