jeffkempf jeffkempf - 7 months ago 9
SQL Question

MySQLSyntaxErrorException when trying to insert a value containing '

I know there are countless entries already for MySQLSyntaxErrorException errors, but I haven't yet read any posts that have solved my issue, and I could really use an extra set of eyes to try to point out where I'm going wrong.

I'm working on creating a simple web scraper that stores the names of breweries listed on a wikipedia page into a basic MySQL table stored locally using WAMP. My existing code seems to be working correctly until I encounter a brewery name that includes a ' in the name. This is also my first time using JSoup for HTML parsing.

Here's my current code:

import java.io.IOException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;

public class Main {
public static DB db = new DB();

public static void main(String[] args) throws SQLException, IOException {
db.runSql2("TRUNCATE Brewery;");
processPage("myBrew");
System.out.println("done parsing");
}


// recursive method to find brewery names by adding db entry for all <li><a>
// values on site. Might not need recursion for this.
public static void processPage(String bName) throws SQLException,
IOException {
// check if the given URL is already in database
String sql = "select * from Brewery where name = '" + bName + "'";
ResultSet rs = db.runSql(sql);
if (rs.next()) {
// do nothing because already exists
} else {
// store the brewery to database to avoid parsing again
sql = "INSERT INTO `Crawler`.`Brewery` " + "(`name`) VALUES "
+ "(?);";
PreparedStatement stmt = db.conn.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
stmt.setString(1, bName);
//stmt.execute();
stmt.executeUpdate();

// get useful information
//research this further to better understand what it's doing
Document doc = Jsoup.connect("https://en.wikipedia.org/wiki/List_of_microbreweries").get();

//case-senstive
if (doc.text().contains("Brewery")) {
System.out.println(bName);
}

// get all links and recursively call the processPage method
Elements breweries = doc.select("a[href]");
for (Element link : breweries) {
//System.out.println("element class: " + link.nodeName());
//System.out.println("parent class: " + link.parent().nodeName());
System.out.println("element title: " + link.attr("title"));

//assumes that all brewery names will be listed in <li><a> html format
if (link.nodeName() == "a" && link.parent().nodeName() == "li") {
System.out.println("recursive call tripped");
String tmp = link.attr("title");
//String first = tmp.charAt(0) + "";
if(tmp.contains("'")){
String brew = tmp.replaceAll("'", "\\\'");
/*System.out.println("new string: '" + brew +"'");
processPage("'" + brew + "'");*/
System.out.println("new string: " + brew);
processPage(brew);
}
else {
if (tmp.contains(" (page does not exist)")) {
String brew = tmp.replaceAll(" (page does not exist)", "");
System.out.println("shortened string: " + brew);
processPage(brew);
}
else {
//no ' exists in the name
processPage(tmp);
}
}

}
}
}
}
}


When using this syntax, I get the following error:

Exception in thread "main" com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's All Natural Brewing Company'' at line 1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
at com.mysql.jdbc.Util.getInstance(Util.java:387)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505)
at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1370)
at DB.runSql(DB.java:26)
at Main.processPage(Main.java:57)
at Main.processPage(Main.java:95)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.main(Main.java:17)


With this code, the brewery name containing the ' is NOT getting stored in my MySQL table. However, if I replace the following line

String brew = tmp.replaceAll("'", "\\\'");


with

String brew = tmp.replaceAll("'", "\\\\'");


then the brewery name DOES get stored into my MySQL table and I get the following error before the next brewery name gets scraped:

Exception in thread "main" com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'Beau\'s All Natural Brewing Company' for key 'brewery_name'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
at com.mysql.jdbc.Util.getInstance(Util.java:387)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:932)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2551)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1861)
at com.mysql.jdbc.PreparedStatement.executeUpdateInternal(PreparedStatement.java:2073)
at com.mysql.jdbc.PreparedStatement.executeUpdateInternal(PreparedStatement.java:2009)
at com.mysql.jdbc.PreparedStatement.executeLargeUpdate(PreparedStatement.java:5094)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1994)
at Main.processPage(Main.java:67)
at Main.processPage(Main.java:95)
at Main.processPage(Main.java:95)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:101)
at Main.processPage(Main.java:105)
at Main.processPage(Main.java:105)
at Main.main(Main.java:17)


Using

String brew = tmp.replaceAll("'", "''");


instead of

String brew = tmp.replaceAll("'", "\\\\'");


results in the same issue.

My runSql method from my DB class:

public ResultSet runSql(String sql) throws SQLException {
Statement sta = conn.createStatement();
return sta.executeQuery(sql);
}


If anyone has any ideas, please let me know. I've spent hours trying different variations of escape characters, etc, but I can't find anything to fix this issue. Another pair of eyes looking over my code might just be what I need. Thanks in advance for your help.

EDIT:
I'm not currently using Spring or Hibernate.

Answer

If you already know how to use a PreparedStatement with value markers (?) for the INSERT statement, why not use one for the SELECT statement too?

That will fix your error the correct way.