Hello,
I am creating a little webpage that allows a person to choose between 3 different ways in which they can query for results (either id, date, or symbol). Everything works fine if choosing id and entering a value to search for, but if date or symbol is chosen then I get "invalid identifier" errors because for some reason the single quotes are being stripped from the query.
Here is the relevant code:
<%
    Statement stmt = conn.createStatement();
    // Wrap the raw value according to the chosen search type.
    // Oracle's abbreviated-month format element is MON (the original used 'mmm',
    // which Oracle does not recognise as a date format).
    String formattedInput = search.getType().equals("Symbol")
        ? ("'" + search.getValue() + "'")
        : search.getType().equals("Trans. Date")
            ? ("to_date('" + search.getValue() + "','DD-MON-YYYY')")
            : search.getValue();
%>
<p>Sending query to the server for: <%= search.getType().toUpperCase() %> = <%= formattedInput %>
<br />
<%
    // Both the column name (search.getType()) and the value (formattedInput) are
    // concatenated directly into the SQL text of the outer WHERE clause.
    ResultSet rs = stmt.executeQuery("Select * FROM"
        + " (Select member.mid, security.symbol, cname, trans_date, trans_type, quantity, price_per_share, commission, amount"
        + " FROM security, transaction, member"
        + " where (security.symbol = transaction.symbol)"
        + " and (member.mid = transaction.mid)) where " + search.getType() + " = "
        + formattedInput);
%>
And here is the output to my web page if search by symbol is chosen and the parameter is "orcl" without the quotes:
"Sending query to the server for: SYMBOL = ORCL
Begin Exception Dump:
java.sql.SQLSyntaxErrorException: ORA-00904: "ORCL": invalid identifier
End Exception "
Any clues on how I can stop the single quotes from disappearing?
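A bind-parameter version of the same search, added here as an example and not code from the post: the column comes from a fixed whitelist and the value travels as a `?` parameter, so it needs no quoting at all and cannot change the shape of the query. The mapping of the three search types to columns, and the `TransactionSearch` class name, are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;

public class TransactionSearch {
    // Assumed mapping from the page's search types to the column each may filter on.
    // Anything not in this map is rejected, so getType() never reaches the SQL text.
    private static final Map<String, String> COLUMNS = Map.of(
        "id",          "member.mid",
        "symbol",      "security.symbol",
        "trans. date", "trans_date");

    // Same join as the post's subselect, without the wrapping "SELECT * FROM (...)".
    private static final String BASE_SQL =
        "SELECT member.mid, security.symbol, cname, trans_date, trans_type,"
      + " quantity, price_per_share, commission, amount"
      + " FROM security, transaction, member"
      + " WHERE security.symbol = transaction.symbol"
      + " AND member.mid = transaction.mid";

    public static PreparedStatement buildQuery(Connection conn, String type, String value)
            throws SQLException {
        String column = COLUMNS.get(type.toLowerCase());
        if (column == null) {
            throw new IllegalArgumentException("Unsupported search type: " + type);
        }
        // The column name is our own constant; the user's value is always bound as a
        // parameter, so the driver handles quoting and no quotes can be "stripped".
        String sql;
        if (column.equals("trans_date")) {
            sql = BASE_SQL + " AND trans_date = TO_DATE(?, 'DD-MON-YYYY')";
        } else {
            sql = BASE_SQL + " AND " + column + " = ?";
        }
        PreparedStatement ps = conn.prepareStatement(sql);
        ps.setString(1, value);
        return ps;
    }
}
```

In the JSP this replaces `conn.createStatement()` and `executeQuery(...)` with `buildQuery(conn, search.getType(), search.getValue()).executeQuery()`; the echoed value on the page should also be HTML-escaped rather than written out raw.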