Hello I want to put 2 values to 2 columns in my table. I get those values from txtField and textField_1 (which are 2 textboxes on an GUI).
The problem is that whenever I push the button to register those values I get an syntax error on my mysql.
String query = "INSERT INTO Registration (Username , Password ) VALUES (? ,?)";
java.sql.PreparedStatement pst = connection.prepareStatement(query);
pst.setString(1,textField.getText());
pst.setString(2,textField_1.getText());
int rs = pst.executeUpdate(query);
If I put static values instead of ?, is working.
String query = "INSERT INTO Registration (Username , Password ) VALUES (? ,?)";
java.sql.PreparedStatement pst = connection.prepareStatement(query);
pst.setString(1,textField.getText());
pst.setString(2,textField_1.getText());
int rs = pst.executeUpdate();
use executeUpdate()
Related
I'm learning to work with mysql database and now trying to populate statement with text from textfield.
The program is phone book and strings are name, surname and telephone number which must be writen in textfield and then added to statement for import in database.
So, for now I have this, but not working because statement dont even recognize strings as value.. any ideas what to use/write?
if("Potvrdi".equals(buttonLabel)) {
String ime = a.getText();
String prezime = b.getText();
String broj = c.getText();
Connection conn = dc.connect();
Statement st = (Statement) conn.createStatement();
st.executeUpdate("INSERT INTO imenik VALUES (ime,prezime,broj)");
conn.close();
}
Using prepare statement,
String insertTableSQL = "INSERT INTO imenik VALUES (?,?,?)";
PreparedStatement preparedStatement = conn.prepareStatement(insertTableSQL);
preparedStatement.setString(1, ime);
preparedStatement.setString(2, prezime);
preparedStatement.setString(3, broj);
// execute insert
preparedStatement .executeUpdate();
I am new to java and trying to learn to insert the username and password and a profile image path into a Mysql database. When I run the following code, it will insert into table but the path filed of the table 'table_profile' 3rd column like as follows
if path equals "C:/Users/Manohar/Documents/FileUplaodDemo/build/web/uploads/x.jpg"
then it is inseerted as path equals "C:UsersManoharDocumentsFileUplaodDemo uildwebuploads
stmt = connection.prepareStatement(
"insert into table_profile values('"+userId+"','"+userName+"','"+path+"')");
User parameter binding like this:
stmt = connection.prepareStatement("insert into table_profile values(?, ?, ?)");
stmt.setInt(1, userId);
stmt.setString(2, userName);
stmt.setString(3, path);
Let Java do all the hard work for you :)
Hi I am trying insert data into the database using prepared statement but I am getting syntax error could u please help
public boolean SignUp(String last_name, String first_name,String email, String password,String confirm_password,String phone){
Connect connect = new Connect();
Connection conn = connect.Connection();
java.sql.PreparedStatement preparedStatement = null;
//NULL is the column for auto increment
String insertQuery = "INSERT INTO users VALUES (NULL, ?, ?, ?, ?, ?, ?)";
preparedStatement = conn.prepareStatement(insertQuery);
preparedStatement.setString(1, last_name);
preparedStatement.setString(2, first_name);
preparedStatement.setString(3, email);
preparedStatement.setString(4, password);
preparedStatement.setString(5, confirm_password);
preparedStatement.setString(6, phone);
int rs = preparedStatement.executeUpdate(insertQuery);
conn.close();
}
here is the error message
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?, ?, ?, ?, ?, ?)' at line 1
I found the answer :)
Use preparedStatement.execute() instead of executeUpdate(sql). You have already set the sql and params - the new setting in executeUpdate(sql) overrides the bind.
You should change the statement to list the columns explicitly, and drop NULL from the list of values.
String insertQuery = "INSERT INTO users"
+ " (last_name, first_name, email, password, confirm_password, phone)"
+ " VALUES(?,?,?,?,?,?)";
This way your insert statement is no longer dependent on the order of columns in your users table, and is also immune to addition of columns to the table.
Note that although this design is probably OK for a toy or an education system, but in a real production system storing password in a table is very dangerous. Storing confirm_password is rather unusual, too: normally your system checks that password is the same as confirm_password, and then inserts a salted password hash and a salt into the table.
Just a guess, not I'm not certain. But if one of the fields is autoincrement, then I don't think you need to insert it. Try taking out that NULL....
I am inserting values in a Mysql database from java file using -
String query = "INSERT INTO genes (sent, title) VALUES ('"+sent+"','"+title+"')";
Statement stmt = con.createStatement();
int rs = stmt.executeUpdate(query);
where sent and title are variable strings extracted after applying some algorithm. But this gives sql error when sent or title contains single qoutes.
Consider using a prepared statement with parameters:
PreparedStatement pstmt = con.prepareStatement(
"INSERT INTO genes (sent, title) VALUES (?, ?)");
pstmt.setString(1, sent);
pstmt.setString(2, title);
pstmt.executeUpdate();
You should use PreparedStatement in fill the query parameters. It takes care of escaping the single quotes if any in the input parameters.
Modify your query and statement object as follows and it should be working:
String query = "INSERT INTO genes (sent, title) VALUES (? , ?)";
PreparedStatement pst = con.prepareStatement( query );
pst.setString( 1, sent );
pst.setString( 2, title );
int insertResult = pst.executeUpdate();
You should use PreparedStatements for that. PreparedStatement is under java.sql.* namespace.
String insertString = "INSERT INTO genes (sent, title) VALUES (?,?)";
// con is your active connection
PreparedStatement insertX = con.prepareStatement(updateString);
insertX.setString(1, sent);
insertX.setString(2, title);
insertX.executeUpdate();
You should never concatenate SQL statements like this, instead, use prepared statements:
String query = "INSERT INTO genes (sent, title) VALUES (?,?)";
PreparedStatement stmt = con.prepareStatement(query);
p.setString(1, sent);
p.setString(2, title);
p.executeUpdate();
If you use the string concatenation method you are exposing yourself to dangerous sql-injection attacks.
String query = "INSERT INTO genes (sent, title) VALUES (?, ?)";
PreparedStatement pt = con.prepareStatement(query);
pt.setString(1, sent);
pt.setString(2, title);
pt.executeUpdate();
Please, Remove ' from string or replace by \' from '.
Mysql allow only in \' format for special character.
Hi
I have a code for table creating:
create table clt (id bigint not null, sources set('A1', 'empty', 'A2', 'A3'), text varchar(50));
table was created successfully.
now I'm trying to insert data:
java.sql.PreparedStatement stmt = null;
String query = "insert into clt (id, sources, text) values (?, ?, ?)";
stmt = conn.prepareStatement(query);
int it = 0;
stmt.setLong(++it, 25);
stmt.setString(++it, "A1, A2");
stmt.setString(++it, "some text data");
stmt.executeUpdate();
and gettting an error :(
exception: java.sql.SQLException: Data truncated for column 'sources' at row 1
without sources everything is ok.
where is my mistake?
thank you.
Get rid of the parentheses around A1:
stmt.setString(++it, "A1");