Syntax error trying to create an sql table from Java

I want to create a table and this table's name will be inserted from a textfield. However when I run the query it's giving me an error, any help on this one? I'll paste the code here: public boolean CreateTable() { TableNumber = jTextField4.getText(); try { String password = null; String s = "CREATE TABLE '"+TableNumber+ "' (Item char(50),Price char(50))"; ConnectionForOrders(); stmt = conn.createStatement(); stmt.executeUpdate(s); boolean f = false; ConnectionForOrdersclose();
Answer:

I'll start by assuming your '" gaff is a typo because it shouldn't even compile that way (I edited the question to fix it for those that come later). That aside, you don't enclose tables names in single quotes. It's not: CREATE TABLE 'tablename' ( ... ) You just write: CREATE TABLE tablename ( ... ) But you shouldn't even do that much, because you're getting your tablename from a text field. What's to prevent someone from entering something like this in that text field: a(b int);DROP TABLE users;-- (Assuming of course that you have a users table somewhere). It's important to remember that an attacker could enter any arbitrary sql after that first ;, and your database will blindly run it.

user362895 at Stack Overflow Visit the source

Was this solution helpful to you?

Other answers

Is TableNumber well...a number? If it is, it's probably causing a syntax error.

Roland Bouman

Looks like the apostrophe and quotation mark are inverted around TableNumber (the right side), which would produce a compiler error.

Mike

Related Q & A:

How to create an external table for hbase?Best solution by stackoverflow.com
What is Hash Table, how to create a hash table?Best solution by Stack Overflow
How do I create an HTML table, in jQuery, with JSON data?Best solution by Stack Overflow
How do i correct syntax error?Best solution by Yahoo! Answers
How to correct syntax error in Yahoo mail page?Best solution by Yahoo! Answers

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.