I need to post an API to a database using Java in IntelliJ. After testing a sample API through Postman, I got an SQL exception saying "Syntax error at or near ','". Please tell me where I made a mistake.

0 votes

public Result setModelMasterParams(){
        try{
            long tenantId = request().getHeader("tenant_id")==null
                    || request().getHeader("tenant_id").equalsIgnoreCase("")
                    || request().getHeader("tenant_id").equalsIgnoreCase("null")
                    || request().getHeader("tenant_id").equalsIgnoreCase("undefined")
                    ?0l:Long.parseLong(request().getHeader("tenant_id"));
            long updateAiModelMasterId = request().getHeader("ai_model_master_id")==null
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("")
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("null")
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("undefined")
                    ?0l:Long.parseLong(request().getHeader("ai_model_master_id"));
            JsonNode body = request().body().asJson();
            long aiModelMasterId =0l;
            if ( body!=null) {

                long modelMasterParamsId = body.get("ai_model_master_parameters_id") == null
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("")
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("null")
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("undefined")
                        ? 0l : Long.parseLong(body.get("ai_model_master_parameters_id").asText());

                String parameterCategory = body.get("parameter_category")==null?"":body.get("parameter_category").asText();
                String parameterName = body.get("parameter_name")==null?"":body.get("parameter_name").asText();
                String parameterDataType = body.get("parameter_data_type")==null?"":body.get("parameter_data_type").asText();
                String parameterValue = body.get("parameter_value")==null?"":body.get("parameter_value").asText();
                String description = body.get("description")==null?"":body.get("description").asText();

                if (updateAiModelMasterId==0){
                    String sql= "INSERT INTO ai_model_master_parameters " +
                            "(ai_model_master_parameters_id, parameter_category, parameter_name, parameter_data_type, parameter_value, creation_date, created_by, last_updated_date,  last_updated_by, description) " +
                            "VALUES " +
                            "("+modelMasterParamsId+", "+parameterCategory+", "+parameterName+", "+parameterDataType+", "+parameterValue+", current_timestamp, 'admin', current_timestamp, 'admin', "+description+");";
                    System.out.println(sql);
                    Ebean.createSqlUpdate(sql).execute();

                    SqlRow model = Ebean.createSqlQuery("select ai_model_master_id as id from ai_model_master_parameters " +
                            " where parameter_name="+parameterName+" and " +
                            " parameter_category="+parameterCategory+" and parameter_data_type="+parameterDataType+" and " +
                            " parameter_value="+parameterValue+" and " +
                            " description="+description+" and ai_model_master_parameters_id="+modelMasterParamsId+" limit 1;")
                            .setParameter("id", 1)
                            .findUnique();

                    aiModelMasterId = model.get("id")==null?0: (long) model.get("id");

                }else{
                String sql= "UPDATE ai_model_master_parameters \n" +
                        " SET ai_model_master_parameters_id = "+modelMasterParamsId+",  parameter_category = "+parameterCategory+", \n" +
                        "parameter_name = "+parameterName+", last_update_date = current_timestamp, last_updated_by = 'admin', created_by = 'admin', creation_date = current_timestamp , \n" +
                        "parameter_data_type = "+parameterDataType+", parameter_value = "+parameterValue+", description = "+description+" \n" +
                        " WHERE ai_model_master_id = "+updateAiModelMasterId+";";
                    Ebean.createSqlUpdate(sql).execute();

                    aiModelMasterId=updateAiModelMasterId;

                }
            }
            return ok(aiModelMasterId+"");

        }catch (Exception e){
            e.printStackTrace();
            return badRequest("Exception: "+e.getMessage());
        }
    }

Aug 19 in Java by Sriram
• 120 points

recategorized Aug 19 by Niroj 321 views

Hi, @Sriram,

Can you post the actual SQL statement that gave this error? 

Hey, @sriram,

Do you have the exception trace from the console or logs?

Hello, @sriram,

Search for SQL injection on Google. It's a flaw that allows a hacker to inject SQL statements into your API. You can prevent it by avoiding string concatenation and using parameterized statements.
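
The parameterized form the last comment points to, as an added example that is not part of the original thread: the question's concatenated values reach the database unquoted, so an empty value leaves `, ,` in the VALUES list, while named bind parameters keep the statement's shape fixed and close the injection path. The class and method names are hypothetical, and the imports assume the older `com.avaje.ebean` package (newer Ebean releases use `io.ebean`).

```java
import com.avaje.ebean.Ebean;   // assumption: older Ebean package; newer releases use io.ebean
import com.avaje.ebean.SqlRow;

// Hypothetical helper class; table and column names are taken from the question's INSERT.
public class ModelMasterParamsDao {

    // Values travel as bind parameters, so quotes, commas or empty strings in the
    // request body can no longer change the shape of the statement.
    public static int insert(long paramsId, String category, String name,
                             String dataType, String value, String description) {
        String sql = "INSERT INTO ai_model_master_parameters "
                + "(ai_model_master_parameters_id, parameter_category, parameter_name, "
                + "parameter_data_type, parameter_value, creation_date, created_by, "
                + "last_updated_date, last_updated_by, description) "
                + "VALUES (:paramsId, :category, :name, :dataType, :value, "
                + "current_timestamp, 'admin', current_timestamp, 'admin', :description)";
        return Ebean.createSqlUpdate(sql)
                .setParameter("paramsId", paramsId)
                .setParameter("category", category)
                .setParameter("name", name)
                .setParameter("dataType", dataType)
                .setParameter("value", value)
                .setParameter("description", description)
                .execute();                       // number of rows inserted
    }

    // Looks up ai_model_master_id for the row; returns 0 when no row matches
    // instead of dereferencing a null SqlRow.
    public static long findMasterId(long paramsId, String category, String name) {
        SqlRow row = Ebean.createSqlQuery(
                "SELECT ai_model_master_id AS id FROM ai_model_master_parameters "
                + "WHERE ai_model_master_parameters_id = :paramsId "
                + "AND parameter_category = :category AND parameter_name = :name LIMIT 1")
                .setParameter("paramsId", paramsId)
                .setParameter("category", category)
                .setParameter("name", name)
                .findUnique();
        Long id = (row == null) ? null : row.getLong("id");
        return id == null ? 0L : id;
    }
}
```

The UPDATE branch takes the same treatment: one named placeholder per value and a `setParameter` call for each.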
