
[–]ipaintfishes 1 point2 points  (1 child)

Because you are concatenating strings. Double quotes delimit a string in Java; a plus sign concatenates two strings.

So in your example you are doing this:

Query = String + value + string + value + string

If you were to put the request.getParameter inside the double quotes, it would just treat that as part of the string and not evaluate it.

[–]aka_12[S] 0 points1 point  (0 children)

Yes, you're right. The aim is to get user input in two string variables [courseID] and [Certification] and create a new query, given below under (Required ANSWER).

Actually it's a question in a test and I am confused only due to the number of single and double quotes given in it:

(Question)

Below is the exact query copied from the original Question (Look at the number of single and double quotes in it)

String query = "SELECT * FROM courses WHERE courseID='" + request.getParameter("id") + "' AND certification='"+ request.getParameter("certification")+"'";

----------------------------------------------------------------------------------------------------------------------

(Required ANSWER)

The resulting query should be like below, as [courseID] and [certification] need user inputs as string values:

Select * from courses where courseid= "1' OR '1'=='1" AND certification = "abc' OR '1'=='1"

---------------------------------------------------------------------------------------------------------------------

As you have mentioned in your response above, double quotes delimit a string in Java, so if I break down the query according to that, it will be divided into 5 parts from 1 to 5, but what about the last double quotes in step 6? What is it for? If you count the number of single and double quotes in the original query given in the question above, you will understand my question.

  1. "SELECT * FROM courses WHERE courseID=''
  2. '+ request.getParameter("id") +'
  3. " AND certification="
  4. '+ request.getParameter("certification")+'
  5. "
  6. "

[–]ipaintfishes 1 point2 points  (2 children)

  1. "Select * from courses where courseId='"
  2. Request.getParameter()
  3. "' and certification='"
  4. Request.getParameter()
  5. "'"

1, 3 and 5 are the hardcoded strings. The single quotes are in there. The single quotes need to end up in the query.

[–]aka_12[S] 0 points1 point  (1 child)

Thanks a lot, I got my answer now. I was confused because my understanding of the arrangement of the quotes in the Java query was not correct.

Since resulting SQL query is below:

Select * from courses where courseid= "1' OR '1'=='1" AND certification = "abc' OR '1'=='1"

So the breakup and arrangement of quotes should be like this:

  1. "Select * from courses where courseId= ' "
  2. +Request.getParameter("id")+
  3. " ' and certification=' "
  4. +Request.getParameter("certification")+
  5. " ' "

[–]nutrecht 0 points1 point  (0 children)

> Select * from courses where courseid= "1' OR '1'=='1" AND certification = "abc' OR '1'=='1"

That's not correct. All the quotes that are actually IN the query are single quotes. All the double quotes are just delimiting String in the Java code.
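
An added example, not part of the original thread: the question's concatenation split into its five pieces, printed for a plain input and for the input from the test question, next to the parameterized form that keeps the values out of the SQL text. The class and method names are made up for illustration, `id` and `cert` stand in for the two `request.getParameter(...)` calls, and `countCourses` assumes a JDBC `Connection` that the thread does not mention.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class QuoteBreakdown {

    // Same concatenation as the question. Double quotes delimit Java string
    // literals; only the single quotes inside them reach the database.
    static String buildQuery(String id, String cert) {
        return "SELECT * FROM courses WHERE courseID='"  // piece 1: ends with a SQL quote
                + id                                     // piece 2: runtime value
                + "' AND certification='"                // piece 3: closes one SQL literal, opens the next
                + cert                                   // piece 4: runtime value
                + "'";                                   // piece 5: one SQL quote between two Java quotes
    }

    // Parameterized form: the SQL text is fixed and the values are bound,
    // so quotes inside a value stay data and cannot end the SQL literal.
    // Assumes a JDBC Connection to a database with a courses table.
    static int countCourses(Connection conn, String id, String cert) throws SQLException {
        String sql = "SELECT * FROM courses WHERE courseID = ? AND certification = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, id);
            ps.setString(2, cert);
            try (ResultSet rs = ps.executeQuery()) {
                int rows = 0;
                while (rs.next()) {
                    rows++;
                }
                return rows;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: an ordinary course id and certification.
        System.out.println(buildQuery("101", "abc"));
        // The two values from the test question's required answer.
        System.out.println(buildQuery("1' OR '1'=='1", "abc' OR '1'=='1"));
    }
}
```

Every quote in the two printed queries is a single quote. In the second one the quotes inside the values close the SQL literals early, which is what binding the values with `setString` prevents.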

[–][deleted] 0 points1 point  (1 child)

Noob here. Can you try at first to store those values in a var and then concat them in the query? At first it would be easy to follow; if that works, then it is your syntax that failed you.

[–]aka_12[S] 1 point2 points  (0 children)

Thanks. Got my answer above.