
I'm trying to write a query but I get a syntax error. I know that the error is in the query's syntax. This is the query:

ResultSet set=statement.executeQuery("Select * from Ombrellone where PosizioneX='"+c.getX()+"',PosizioneY='"+c.getY()+"'" );

Can anyone help me?

doflamingo

    Unrelated: you are wide open for SQL Injection. You should use a `PreparedStatement` – a_horse_with_no_name Oct 15 '14 at 15:04
    @a_horse_with_no_name Though it is not related, it's a bigger problem than the current problem :) – Suresh Atta Oct 15 '14 at 15:09

2 Answers

If you want to have multiple conditions on select, you must use AND, not comma.

ResultSet set=statement.executeQuery("Select * from Ombrellone where PosizioneX='"+c.getX()+"' and PosizioneY='"+c.getY()+"'" );

Side note: Avoid using String concatenation with query parameters. It causes SQL injection; try using PreparedStatement instead.

Suresh Atta

Though the problem in your case was basically that you used a comma in your SQL query, which is wrong (you can use AND or OR to combine conditions in a WHERE clause), I would also suggest that you use PreparedStatement over Statement.

String query = "Select * from Ombrellone where PosizioneX = ? and PosizioneY = ?";
PreparedStatement statement = conn.prepareStatement(query);
// bind the values to the ? placeholders instead of concatenating them into the SQL text
statement.setString(1, c.getX());
statement.setString(2, c.getY());
ResultSet resultSet = statement.executeQuery();

Refer to the difference between Statement and PreparedStatement.

SparkOn

    `PreparedStatement` is definitely the better choice here, however, strictly speaking, is secondary to the problem. The problem was the use of comma instead of `and`. – Brandon Oct 15 '14 at 15:12
    @Brandon agreed but the solution should always be perfect – SparkOn Oct 15 '14 at 15:14
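Both answers make two separate points: the comma between WHERE predicates is a syntax error (the actual question), and building the SQL text by concatenation lets user input change the statement's grammar, which binding through `?` placeholders avoids. The following added example, which is not from either answer or from the question's Java code, reproduces both points against an in-memory SQLite database in Python; the `Ombrellone` table definition and its rows are constructed here, since the page never shows them, and `?` is the same placeholder syntax JDBC's `PreparedStatement` uses.

```python
import sqlite3

# Constructed sample data: the page never shows the Ombrellone schema,
# so column types (TEXT) and rows are assumptions for this demo only.
ROWS = [("1", "1"), ("1", "2"), ("2", "1")]


def make_db():
    """Create an in-memory database with a small Ombrellone table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Ombrellone (id INTEGER PRIMARY KEY, PosizioneX TEXT, PosizioneY TEXT)"
    )
    conn.executemany(
        "INSERT INTO Ombrellone (PosizioneX, PosizioneY) VALUES (?, ?)", ROWS
    )
    conn.commit()
    return conn


def comma_query_error(conn, x, y):
    """The question's shape: a comma between two WHERE predicates.
    Returns the database's error message; the query never executes."""
    sql = "SELECT * FROM Ombrellone WHERE PosizioneX='" + x + "',PosizioneY='" + y + "'"
    try:
        conn.execute(sql)
    except sqlite3.OperationalError as e:
        return str(e)
    return None


def concatenated_query(conn, x, y):
    """First answer's fix (AND instead of comma), still built by string
    concatenation: the inputs become part of the SQL text itself."""
    sql = (
        "SELECT PosizioneX, PosizioneY FROM Ombrellone WHERE PosizioneX='"
        + x + "' AND PosizioneY='" + y + "'"
    )
    return conn.execute(sql).fetchall()


def parameterized_query(conn, x, y):
    """Second answer's approach: ? placeholders with the values bound
    separately, so they are always treated as data, never as SQL."""
    sql = "SELECT PosizioneX, PosizioneY FROM Ombrellone WHERE PosizioneX = ? AND PosizioneY = ?"
    return conn.execute(sql, (x, y)).fetchall()


def demo():
    """Run the three variants and collect their observable behaviour."""
    conn = make_db()
    results = {}
    # 1. Comma instead of AND: rejected by the parser before anything runs.
    results["comma_error"] = comma_query_error(conn, "1", "1")
    # 2. Well-formed input: concatenation and binding return the same row.
    results["concat_ok"] = concatenated_query(conn, "1", "2")
    results["param_ok"] = parameterized_query(conn, "1", "2")
    # 3. Input containing a quote: with concatenation the quote is parsed as
    #    SQL (here it leaves a string literal unterminated and the statement
    #    fails); with binding it is just a value that matches no row.
    quoted = "1'"
    try:
        concatenated_query(conn, quoted, "1")
        results["concat_quote"] = "ran"
    except sqlite3.Error:
        results["concat_quote"] = "error"
    results["param_quote"] = parameterized_query(conn, quoted, "1")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The third case is the one the comments argue about: the comma bug is a fixed defect in the query text, while the concatenation problem is a property of every query built that way, because whatever the caller passes is parsed as SQL rather than compared as a value. Binding parameters fixes that class of problem once, which is why the second answer's `PreparedStatement` version is the one to keep.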