user46329 user46329 - 10 days ago 5
Java Question

Too few parameters. Expected 1. error


[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.


This is the error I am getting when I execute this query:

s="select * from package where p_name like "+packageChange;


when I execute:

s="select * from package";


then it works fine.

But what's the problem with "p_name" column of table "package"...?

My code,

res=start.executeQuery("select * from package where p_name like "+packageChange);


the statement

System.out.println("ddddddd="+packageChange);


prints ddddddd=pkg5

Answer

Is this Java code? If so, use bind variables:

Connection conn = ...;
PreparedStatement st = conn.prepareStatement("select * from package where p_name like ?");
st.setString(1, packageChange);
res = st.executeQuery();

Otherwise, you are subject to SQL injection.

In your original code, enclose the parameter in apostrophes:

res=start.executeQuery("select * from package where p_name like '"+packageChange + "'"); 

But I encourage you not to do this: you should check for apostrophes and newlines (and maybe more) in the packageChange variable - sanitize it, such as here.
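
The three query forms from the question and answer, side by side, as an added example that is not part of the original post. It uses Python's built-in sqlite3 and a constructed in-memory `package` table in place of JDBC and the Access ODBC driver, so the error text differs: SQLite reports an unknown column where Access asks for a missing parameter. The function names and sample rows are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory stand-in for the page's `package` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE package (p_name TEXT)")
    conn.executemany("INSERT INTO package VALUES (?)",
                     [("pkg5",), ("pkg6",), ("bob's pkg",)])
    return conn

def find_unquoted(conn, name):
    # The question's form: the value lands in the SQL text as a bare token,
    # so the engine parses pkg5 as an identifier, not as a string.
    sql = "select * from package where p_name like " + name
    return [r[0] for r in conn.execute(sql)]

def find_quoted(conn, name):
    # The answer's discouraged form: works only while the value has no apostrophe.
    sql = "select * from package where p_name like '" + name + "'"
    return [r[0] for r in conn.execute(sql)]

def find_bound(conn, name):
    # Bind variable: the value travels separately from the SQL text.
    sql = "select * from package where p_name like ?"
    return [r[0] for r in conn.execute(sql, (name,))]

def outcome(fn, conn, name):
    """Return the matching rows, or the driver's error message if the statement fails."""
    try:
        return fn(conn, name)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    for value in ("pkg5", "bob's pkg"):
        for fn in (find_unquoted, find_quoted, find_bound):
            print(f"{fn.__name__:14} {value!r:12} -> {outcome(fn, db, value)}")
```

Binding keeps the value from being parsed as SQL, but `%` and `_` inside a bound value still act as LIKE wildcards.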
