All Things Techie With Huge, Unstructured, Intuitive Leaps

Java String MySQL Error

I just spent an hour banging my head against a wall. I constructed a MySQL query string from variables. So my string construct would look like this:
String quality = "Very Good";

String queryString = "Select  * from products where consumer_rating=" + quality;

The thing kept bombing. It said that I had an SQL error near where consumer_rating=Very Good.

It all looked kosher.  I had forgotten that a string value needs single quotes.

In other words, I should have declared quality =" 'Very Good' ";

Notice the single quotes after the double quotes. They are necessary in an SQL statement when a string value is inserted into it.

Hope this helps someone save some time.
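
The same lookup written with a JDBC PreparedStatement, as an added example that is not from the original post: the value is bound to a ? placeholder, so no hand-written quotes are needed and a value containing an apostrophe cannot break or alter the statement, which is the SQL injection risk that hand-quoted concatenation leaves open. The class name ProductLookup, the command-line connection arguments and the sample value "Buyer's Choice" are assumptions; the products table and consumer_rating column come from the post.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ProductLookup {

    // The ? placeholder stands for the value; no quotes are written by hand.
    private static final String BY_RATING =
            "SELECT * FROM products WHERE consumer_rating = ?";

    // Returns the first column of every row whose consumer_rating equals `quality`.
    static List<String> findByRating(Connection conn, String quality) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(BY_RATING)) {
            // The value is bound as a parameter, so spaces and apostrophes
            // inside it cannot change the structure of the statement.
            ps.setString(1, quality);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString(1));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Assumed connection settings, passed on the command line:
        //   java ProductLookup jdbc:mysql://localhost:3306/shop user password
        if (args.length != 3) {
            System.err.println("usage: ProductLookup <jdbc-url> <user> <password>");
            return;
        }
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample values: one plain, one containing an apostrophe
            // that would break a hand-quoted string.
            for (String quality : new String[] {"Very Good", "Buyer's Choice"}) {
                System.out.println(quality + " -> " + findByRating(conn, quality));
            }
        }
    }
}
```

Running it requires a MySQL JDBC driver on the classpath and a database that contains the products table.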
