The Artima Developer Community
Articles | News | Weblogs | Buzz | Books | Forums
Legacy Forums | Legacy Java Answers Forum | This Topic | Message | Replies
Sponsored Link

Legacy Java Answers Forum
October 2001

Advertisement

Advertisement

This page contains an archived post to the Java Answers Forum made prior to February 25, 2002. If you wish to participate in discussions, please visit the new Artima Forums.

Message:

PreparedStatements...

Posted by Mukul on October 31, 2001 at 2:48 AM

>
> > But u knwo the problem is i want the user to enter data in the front end n update the DB. plz let me know how to do.
> > here is what i tried but could'nt do
>
> Here is your problem(s):
> String s1= "UPDATE tblCustomer SET CustomerNumber=c1,CustomerName=c2,CustomerAddress1=c3,CustomerAddress2=c4,CustomerCity=c5,CustomerState=c6,CustomerZipCode=c7,CustomerTelephone=c8,CustomerCreditLimit=c9,CustomerPrimaryContact=c10";
> rs1=st1.executeUpdate(s1);

> First of all, you are not inserting the values of the variables into the string that is submitted (which, by the way should have a nicer name than "s1" if I may offer my opinion). You need to build it up by adding in the contents of the data strings, not the variable names. Additionally, you need to put quotes around the string values you are submitting to the database. Look at a SQL book or documentation for mySQL to see syntax for entering different datatypes.

> So, you might have something like this:
> 


> String submitUpdate = "UPDATE tblCustomer SET CustomerNumber=";
> submit += c1 + ",CustomerName='" + c2 + "',CustomerAddress1='";
> // ... continue the same way with the rest of them ...
> 

> and so on.  Note that I didn't quote the customer number, because I assume the field in the database is numeric, not string.   If it is string (why?), then it should be quoted to.
> Also, another note on style: I wouldn't hard-code the table and column names into various string throughout the code, because if they are changed, you have a big maintenance mess.   It might be better to make constant (static final) Strings for them.
> - mfg

A better approach would be to use PreparedStatement if you are inserting strings in the database and if your strings can have characters which have some meaning for database as well like ", ', % etc.









Replies:
Sponsored Links


Google
  Web Artima.com   
Copyright © 1996-2009 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use - Advertise with Us