I need to Post api to database using java in intellij After testing sample api through postman i got an Sql exception saying Syntax error at or near Please tell me where i made a mistake

0 votes

public Result setModelMasterParams(){
            long tenantId = request().getHeader("tenant_id")==null
                    || request().getHeader("tenant_id").equalsIgnoreCase("")
                    || request().getHeader("tenant_id").equalsIgnoreCase("null")
                    || request().getHeader("tenant_id").equalsIgnoreCase("undefined")
            long updateAiModelMasterId = request().getHeader("ai_model_master_id")==null
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("")
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("null")
                    || request().getHeader("ai_model_master_id").equalsIgnoreCase("undefined")
            JsonNode body = request().body().asJson();
            long aiModelMasterId =0l;
            if ( body!=null) {

                long modelMasterParamsId = body.get("ai_model_master_parameters_id") == null
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("")
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("null")
                        || body.get("ai_model_master_parameters_id").asText().equalsIgnoreCase("undefined")
                        ? 0l : Long.parseLong(body.get("ai_model_master_parameters_id").asText());

                String parameterCategory = body.get("parameter_category")==null?"":body.get("parameter_category").asText();
                String parameterName = body.get("parameter_name")==null?"":body.get("parameter_name").asText();
                String parameterDataType = body.get("parameter_data_type")==null?"":body.get("parameter_data_type").asText();
                String parameterValue = body.get("parameter_value")==null?"":body.get("parameter_value").asText();
                String description = body.get("description")==null?"":body.get("description").asText();

                if (updateAiModelMasterId==0){
                    String sql= "INSERT INTO ai_model_master_parameters " +
                            "(ai_model_master_parameters_id, parameter_category, parameter_name, parameter_data_type, parameter_value, creation_date, created_by, last_updated_date,  last_updated_by, description) " +
                            "VALUES " +
                            "("+modelMasterParamsId+", "+parameterCategory+", "+parameterName+", "+parameterDataType+", "+parameterValue+", current_timestamp, 'admin', current_timestamp, 'admin', "+description+");";

                    SqlRow model = Ebean.createSqlQuery("select ai_model_master_id as id from ai_model_master_parameters " +
                            " where parameter_name="+parameterName+" and " +
                            " parameter_category="+parameterCategory+" and parameter_data_type="+parameterDataType+" and " +
                            " parameter_value="+parameterValue+" and " +
                            " description="+description+" and ai_model_master_parameters_id="+modelMasterParamsId+" limit 1;")
                            .setParameter("id", 1)

                    aiModelMasterId = model.get("id")==null?0: (long) model.get("id");

                String sql= "UPDATE ai_model_master_parameters \n" +
                        " SET ai_model_master_parameters_id = "+modelMasterParamsId+",  parameter_category = "+parameterCategory+", \n" +
                        "parameter_name = "+parameterName+", last_update_date = current_timestamp, last_updated_by = 'admin', created_by = 'admin', creation_date = current_timestamp , \n" +
                        "parameter_data_type = "+parameterDataType+", parameter_value = "+parameterValue+", description = "+description+" \n" +
                        " WHERE ai_model_master_id = "+updateAiModelMasterId+";";


            return ok(aiModelMasterId+"");

        }catch (Exception e){
            return badRequest("Exception: "+e.getMessage());

Aug 19, 2020 in Java by Sriram
• 120 points

recategorized Aug 19, 2020 by Niroj 1,289 views

Hi, @Sriram,

Can you post the actual SQL statement that gave this error? 

Hey, @sriram,

do you have Exception Trace from console or logs ??

Hello, @sriram,

Search for SQL injection in google. It's a flaw that allows a hacker to inject SQL statements into your API. You can prevent it by avoiding string concatenation and using parameterized statement

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Java

+2 votes
1 answer

please someone tell the code to launch an instance in digital ocean using java

In order to create a digital ocean ...READ MORE

answered Jan 14, 2020 in Java by Sirajul
• 59,230 points
0 votes
1 answer

How to call a method after a delay in Android using Java?

final Handler handler = new Handler(); handler.postDelayed(new Runnable() ...READ MORE

answered Jun 11, 2018 in Java by Akrati
• 3,190 points
0 votes
1 answer
0 votes
1 answer

how to read csv file form sftp connection and store into string object in java code and convert into json.....post it using rest api

Hey, @Pooja, Before starting with anything you should ...READ MORE

answered May 13, 2020 in Java by Roshni
• 10,520 points
0 votes
2 answers

Install postgreSQL on Ubuntu

Follow the below commands to install PostgreSQL (PSQL) ...READ MORE

answered Nov 12, 2020 in Database by Prachi
• 140 points
0 votes
1 answer

Access progrs prompt without switching accounts

Use the following to get the postgres prompt ...READ MORE

answered Mar 22, 2019 in Database by Mahi
0 votes
1 answer

Create new role - postgresql on ubuntu

If you are logged in as the postgres account, ...READ MORE

answered Mar 22, 2019 in Database by Danny
0 votes
1 answer

Reset a sequence in Oracle

You can try out something like this create ...READ MORE

answered Sep 24, 2018 in Database by DataKing99
• 8,240 points
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP