0

I am trying to query data from my app, through a PostgreSQL DB. What I want to achieve is from "Users" where "Username"='stackoverflow'

If this query is written in the SQL editor and run, it gives the expected result.

Thus, I am trying to send the query in the same format, as

String SQL_QUERY = "from " + "\"Users\"" + " where " + "Username" + "=" + "'" + request.getParameter("username") + "'";

When I run this, I get the following error: unexpected char: '"' [from "Users" where Username=user1]

If I remove the double quotes, it won't work, saying table named users doesn't exist. What is the way out of this deadlock? Where am I going wrong?

Thank you.

1
  • It's not compulsory. It can be framed without select *. Commented Feb 11, 2012 at 20:23

3 Answers

1

This should be what you want:

String username = request.getParameter("username");
String SQL_QUERY = "SELECT * FROM \"Users\" WHERE \"Username\" ='" + username + "'";

You can check this by

System.out.println(SQL_QUERY);

which prints

SELECT * FROM "Users" WHERE "Username" ='foo'

ATTENTION/DANGER: This statement will solve your problem with the PostgreSQL mixed-case table name and column names. BUT providing the value for Username to the query this way makes you vulnerable to even the easiest SQL injection attack. Please use PreparedStatement instead and write

String SQL_QUERY = "SELECT * FROM \"Users\" WHERE \"Username\" = ?";

11 Comments

Error: SQL_QUERY-->SELECT * FROM "Users" WHERE "Username" ='user1' Feb 12, 2012 2:11:46 AM org.hibernate.hql.ast.ErrorCounter reportError SEVERE: *** ERROR: line 1:8: unexpected token: * unexpected char: '"' [SELECT * FROM "Users" WHERE "Username" ='user1']
Without select *, error: SQL_QUERY-->FROM "Users" WHERE "Username" ='user1' unexpected char: '"' [FROM "Users" WHERE "Username" ='user1']
The hibernate part tells me, that you are not using SQL. This would also explain the missing SELECT ... part. Right?
It's HSQL that I am using. Hibernate SQL
HSQL is not SQL, it is translated into SQL and has its completely own syntax. So... Do you have any mapping files (*.hbm.xml) or using any annotations to do the mappings? If so, edit your question by showing them and by bringing Hibernate officially into the game.
0

Where's the SELECT clause of the query? It needs to be something like this:

String SQL_QUERY= "SELECT * FROM Users WHERE Username='" + request.getParameter("username") + "'";

Or like this:

String SQL_QUERY= "SELECT FirstName, LastName, Email FROM Users WHERE Username='" + request.getParameter("username") + "'";

Here's a very similar example that uses PreparedStatement to avoid a SQL injection security attack: https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java

4 Comments

Even specifying all columns rather than * ain't helping.
Error which I face when I frame the query as you have suggested: SEVERE: ERROR: relation "users" does not exist Position: 126 could not execute query
If I give double quotes to "Users" then I get the error: unexpected char: '"' [from "Users"where Username = 'user1']. I am confused about how to proceed with executing this query.
Using createNativeQuery() instead of createQuery() fixed it for me
0

Following the PostgreSQL syntax has in the end helped in getting a solution. Changed all the column names to small capitals and then tried, which solved most of the problems. Thanks to A.H

        String SQL_QUERY = "FROM Users WHERE username ='" + username + "'";
        Query query = objSession.createQuery(SQL_QUERY);

        List list = query.list();
        for (Iterator it = list.iterator(); it.hasNext();) {
            Users objUsers = (Users) it.next();
            System.out.println("Username: " + objUsers.userName);
            System.out.println("Password: " + objUsers.password);
            System.out.println("Name: " + objUsers.name);
        }
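
An added example, not part of any answer above: the two query styles this thread arrives at (HQL through createQuery() and SQL through createNativeQuery()), each with the username bound as a parameter instead of concatenated. It assumes Hibernate 6 with jakarta.persistence (javax.persistence on 5.x); the class UserLookup, the "Name" column and the quoted-identifier mapping are hypothetical.

```java
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import jakarta.persistence.Table;
import java.util.List;
import org.hibernate.Session;

public class UserLookup {

    // Assumed mapping: the escaped quotes make Hibernate emit "Users" and
    // "Username" quoted, so PostgreSQL does not fold them to lower case.
    @Entity(name = "Users")
    @Table(name = "\"Users\"")
    public static class Users {
        @Id
        @Column(name = "\"Username\"")
        String userName;

        @Column(name = "\"Name\"") // hypothetical column
        String name;
    }

    // HQL names the entity and its property, never the table or column,
    // so no double quotes appear in the query string at all.
    // The value travels as a bind parameter: a quote character inside
    // it cannot change the structure of the generated SQL.
    public static List<Users> findByHql(Session session, String username) {
        return session
                .createQuery("from Users u where u.userName = :username", Users.class)
                .setParameter("username", username)
                .getResultList();
    }

    // Native SQL goes to PostgreSQL as written, so quoted identifiers
    // are legal here. The value is still bound, not concatenated.
    public static List<Users> findByNativeSql(Session session, String username) {
        return session
                .createNativeQuery(
                        "SELECT * FROM \"Users\" WHERE \"Username\" = ?1", Users.class)
                .setParameter(1, username)
                .getResultList();
    }
}
```

Either method can be called with the raw value of request.getParameter("username"); no escaping or quoting of the value is needed.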
