When I write a name as a user, I need to access the surname for this name which is already in database. For example:
Enter a name: beste
beste's surname is: ozcaglar
When I execute my code I can't see any surname as output.
In my database, I have name, surname and no (Auto-Incremented) columns.
import java.sql.*;
import java.util.*;
public class ConnectionMySQL {
public static void main(String[] args) {
Scanner scan = new Scanner(System.in);
System.out.println("Enter a name: ");
String isim = scan.next();
try {
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/student","root","");
//System.out.println("Connection success");
String query= "SELECT surname FROM student_table WHERE name='isim'";
Statement stm =conn.createStatement();
ResultSet rs= stm.executeQuery(query);
while (rs.next()) {
System.out.println("Name: " + rs.getString("name")+ " Surname: "+rs.getString("surname"));
}
}
catch (Exception e) {
System.err.println(e);
}
}
}
You can follow this:
import java.sql.*;
import java.util.*;
public class test4 {
public static void main(String[] args) {
#SuppressWarnings("resource")
Scanner scan = new Scanner(System.in);
System.out.println("Enter a name: ");
String isim = scan.next();
try {
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/test", "root", "");
System.out.println("Connection success");
String query = "SELECT * FROM users WHERE surname='" + isim + "'";
Statement stm = conn.createStatement();
ResultSet rs = stm.executeQuery(query);
while (rs.next()) {
String fName = rs.getString(1);
String sName = rs.getString(2);
System.out.println("Name: " + fName + " Surname: " + sName);
}
} catch (Exception e) {
System.err.println("Error");
}
}
}
The error means that the table doesn't have a column that is called "isim".
Maybe you meant to write:
SELECT surname FROM student_table WHERE name='isim'
?
EDIT (following the comments):
query = "SELECT surname FROM student_table WHERE name='" + isim + "'"
However this should not be used in a real-world application for security reasons (it allows SQL injection attacks).
In actual production code you should either escape input strings, or use parameterized queries...
Related
I have just started with ucanaccess and I am attempting to work out how it works. I wanted to update my Access database's username from "Sutaciba" to "Evan" but it shows the following error:
"Exception occured:
UCAExc:::4.0.4 C:\Users\evanc\AppData\Roaming\IT PAT DataBase (Access is denied)".
Seems like Ucanaccess doesn't have permission to gain access to my database for some reason.
Thank you for any help!
public static void main(String args[])
{
int ID = 1;
String username = "Sutachiba";
String password = "Evanchui123";
String email = "evanchui34#gmail.com";
try
{
Connection conn = DriverManager.getConnection("jdbc:ucanaccess://C:\\Users\\evanc\\AppData\\Roaming\\IT PAT DataBase");
Statement s = conn.createStatement();
ResultSet rs = s.executeQuery("SELECT [username], [password] FROM [tblUser] WHERE ID =" + ID);
while(rs.next())
{
username = rs.getString(1);
password = rs.getString(2);
email = rs.getString(3);
System.out.println("Username: " + username + '\n' + "Password: " + '\n' + "Email:" + email);
}
String newN = "Evan";
String updateQuery = "UPDATE userDB SET (username) = (?) WHERE ID =" + ID;
PreparedStatement st = conn.prepareStatement(updateQuery);
st.setString(1, newN);
st.executeUpdate();
System.out.println("Successfully updated userdata!");
conn.close();
}
catch(Exception ex)
{
System.err.println("Exception occured: ");
System.err.println(ex.getMessage());
}
I have established a connection with mySql and Java and currently I can run a query from my database. I can run queries such as "Select * from Customer".
The problem appears, when i try to scan a value from the user and try to run it in my db.
select E.rent_id, name, telephone, Pa.date_get, Pr.date_return
from Rent as E, Customer as P, Get as Pa, return as Pr, Makes as Pg
where E.rent_id = Pg.rent_id
and Pg.cust_id = P.cust_id
and E.rent_id = Pa.rent_id
and E.rent_id = Pr.rent_id
and Month (Pa.date_get) = #input
and Year (Pa.date_get) = #input;
This is a query, which selects an id, a name, telephone, and dates of get and return of a vehicle (this is a db for a car rental company).
Unfortunately, when I connect to my db via Java, using the connector, I can't run this query.
Do you have any idea what to do?
Here follows the code in java that makes the connection and the use of the query, stated above.
package database;
import java.util.Scanner;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
public class Connect {
public void databaseConnect(String connect_string, String username, String password) {
try {
Scanner scanner = new Scanner (System.in);
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection(connect_string, username, password);
System.out.println("Connection Succesful");
Statement statement = conn.createStatement();
System.out.println("Insert month: ");
int mina = scanner.nextInt();
System.out.println("Insert year: ");
int xrono = scanner.nextInt();
String query = "select E.rent_id, name, telephone, Pa.date_get, Pr.date_return\r\n" +
"from Rent as E, Customers P, Get as Pa, return as Pr, makes as Pg\r\n" +
"where E.rent_id = Pg.rent_id \r\n" +
"and Pg.cust_id = P.cust_id \r\n" +
"and E.rent_id = Pa.rent_id \r\n" +
"and E.rent_id = Pr.rent_id \r\n" +
"and Month (Pa.date_get) = #mina \r\n" +
"and Year (Pa.date_get) = #xrono;";
ResultSet rs = statement.executeQuery(query);
while (rs.next()) {
System.out.println(rs.getString(1));
System.out.println(rs.getString(2));
System.out.println(rs.getString(3));
System.out.println(rs.getString(4));
System.out.println(rs.getString(5));
}
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
Connect connectToServer = new Connect();
connectToServer.databaseConnect("jdbc:mysql://localhost/acr", "/*username*/", "/*password*/");
}
}
Can you see a mistake?
Thank you so much in advance!
I have a register dialog that implements an action listener. If a user enters a name and it already exists, I want to print a message on the console. If the username does not exist, MySQL should add it into the database. Unfortunately this code won't work:
private void regButtonActionPerformed(java.awt.event.ActionEvent evt) {
if(!userBox.getText().equals(""))
{
try
{
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/genx", "root", "Warlock1989");
Statement stmt = con.createStatement();
String query = "SELECT name FROM accounts";
ResultSet rs = stmt.executeQuery(query);
while(rs.next())
{
String uname = rs.getString("name");
if(!uname.equals(userBox.getText()))
{
PreparedStatement pstmt = con.prepareStatement("INSERT INTO accounts(name) VALUES(?)");
pstmt.setString(1, userBox.getText());
pstmt.executeUpdate();
System.out.println("Username " + userBox.getText() + " has been registered.");
}
else
{
System.out.println("Username " + userBox.getText() + " already exists.");
}
}
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
Your current approach loads all records from database and tries to find the user which will cause memory exceptions if the database consists of huge records. So,
Do not fetch all records from database rather simply run the query using where name=? to check user already exists in the database as shown below:
PreparedStatement pstmt1 = null;
PreparedStatement pstmt2 = null;
ResultSet rs = null;
try {
String userInput = userBox.getText();
String query = "SELECT name FROM accounts where name=?";
pstmt1 = con.preparedStatement(query);
pstmt1.setString(1, userInput);
rs = pstmt1.executeQuery();
if(rs.next()) {
pstmt2 = con.prepareStatement("INSERT INTO accounts(name) VALUES(?)");
pstmt2.setString(1, userInput);
pstmt2.executeUpdate();
System.out.println("Username " + userInput + " has been registered.");
} else {
System.out.println("Username " + userInput + " already exists.");
}
} catch(SQLException sqlexe) {
//add logging
} finally {
if(pstmt1 != null)
pstmt1.close();
if(pstmt2 != null)
pstmt2.close();
if(rs != null)
rs.close();
}
Your current code does not release the resultsset & preparedstatement objects, so ensure that you are releasing the resources in the finally block.
I have the following function and I am trying to compare the number of students enrolled in a class with the class max. If the number enrolled is greater than the class max, I want to return a message that says, "The Class if Full".
public static void classFullCheck() {
try {
String currentNumberInClassAsString = ("SELECT class_id, COUNT(*) FROM ClassSelector.student_x_class WHERE class_id = " + selectedClass);
rs = myStmt.executeQuery(currentNumberInClassAsString);
int currentNumberInClassAsInt = 0;
if(rs.next()){
currentNumberInClassAsInt = rs.getInt(1);
}
String classSizeAsString = ("SELECT class_size FROM ClassSelector.classes WHERE class_id = " + selectedClass);
rs = myStmt.executeQuery(classSizeAsString);
int classSizeAsInt = 0;
if(rs.next()){
classSizeAsInt = rs.getInt("class_size");
}
if (currentNumberInClassAsInt > classSizeAsInt){
System.out.println("Sorry, this class is Full!");
}
} catch (java.sql.SQLException SQL) {
SQL.printStackTrace();
}
}
I am inserting the classFullcheck() function into the addClass() function like this:
public static void addClass() {
try {
rs = myStmt.executeQuery("SELECT * FROM ClassSelector.classes");
while (rs.next()) {
String availableClasses = rs.getString("class_id") + "\t" + rs.getString("class_name") + "\t" + rs.getString("description");
System.out.println(availableClasses);
}
System.out.println("Enter Class ID from Classes Listed Above to Join: ");
selectedClass = sc.nextLine();
rs = myStmt.executeQuery("SELECT * FROM ClassSelector.classes WHERE class_id = " + selectedClass);
while (rs.next()) {
classFullCheck();
String innerJoin = (userEnterIdAsName + " has been added to " + rs.getString("class_name") + " " + rs.getString("class_id"));
System.out.println(innerJoin);
String student_x_classJoin = "INSERT INTO student_x_class" + "(student_id, student_name, class_id, class_name)" + "VALUES (?, ?, ?, ?)";
PreparedStatement pStmt = con.prepareStatement(student_x_classJoin);
pStmt.setString(1, user_entered_student_id);
pStmt.setString(2, userEnterIdAsName);
pStmt.setString(3, rs.getString("class_id"));
pStmt.setString(4, rs.getString("class_name"));
pStmt.executeUpdate();
System.out.println("Would you like to enroll " + userEnterIdAsName + " into another class? (Y/N)");
String addAdditionalClass = sc.nextLine();
if (addAdditionalClass.equalsIgnoreCase("Y")) {
addClass();
} else if (addAdditionalClass.equalsIgnoreCase("N")) {
return;
}
}
}
catch (java.sql.SQLException SQL) {
System.out.println("Wait, This Student is already enrolled in this class!");
}
}
I am currently just getting both messages printed out, even if a class is not full. Any suggestions would help a lot.
if (currentNumberInClassAsInt >= classSizeAsInt) {
String updateStatus = "Update ClassSelector.classes SET status = ? WHERE class_id = " + selectedClass;
PreparedStatement pStmt = con.prepareStatement(updateStatus);
pStmt.setString(1, "Closed");
pStmt.executeUpdate();
System.out.println("Sorry, this class is Full! Select a different Class:");
System.out.println("\nSign Up For a Class\n");
addClass();
}
I think you want this:
currentNumberInClassAsInt = rs.getInt(2);
instead of:
currentNumberInClassAsInt = rs.getInt(**1**);
I don't think the ResultSet is 0 based...
Also is rs a global variable because it looks like you are changing your ResultSet rs when you call classFullCheck(). You may not have what you think you do in the ResultSet...
rs = myStmt.executeQuery("SELECT * FROM ClassSelector.classes WHERE class_id = " + selectedClass);
while (rs.next()) {
classFullCheck();//****************result set changed here******************
String innerJoin = (userEnterIdAsName + " has been added to " + rs.getString("class_name") + " " + rs.getString("class_id"));
You may think you have this: rs = myStmt.executeQuery("SELECT * FROM ClassSelector.classes WHERE class_id = " + selectedClass); in your result set but you change rs in classFullCheck(). You may want to store the data in a different object that way when you run another query you can still access the data.
I am trying to develop a simple Java DVD library console app in Java. I have created a database table that contains a list of DVD's. I have managed to get the adding a new DVD to the database functionally working, but I am struggling to delete a row from the database. When I use a SQL statement to select a row (row 7) then run the line 'rs.delete' I get the following exception:-
Invalid cursor state - no current row.
Below is my database table:-
ID Film Name Genre Rating
-------------------------------
1 Robocop Sci-fi 18
2 Terminator Sci-fi 18
3 Alien Sci-fi 18
4 Big Fish Fantasy PG
5 The Pianist Drama 18
6 Total Recall Sci-fi 18
7 Carnage Comedy 18
Below is copy of my code. Please could somebody help?
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package dvdlibrary;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.ResultSet;
import javax.swing.JOptionPane;
import java.util.Scanner;
/**
*
* #author Andy
*/
public class DVDLibrary {
Connection con;
Statement stmt;
ResultSet rs;
String selection = "";
int id_num =0;
String film_name ="";
String genre ="";
String rating="";
public DVDLibrary()
{
DoConnect();
}
public void DoConnect() {
try
{
String host = "jdbc:derby://localhost:1527/DVDLibrary";
String username = "andyshort";
String password = "Pa55word";`enter code here`
con = DriverManager.getConnection(host, username, password);
stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
String SQL = "SELECT * FROM ANDYSHORT.DVDS";
rs = stmt.executeQuery(SQL);
/*
System.out.println("ID Film Name Genre Rating");
System.out.println("-------------------------------");
while (rs.next())
{
int id_col = rs.getInt("ID");
String film_name_col = rs.getString("Film_Name");
String genre_col = rs.getString("Genre");
String rating_col = rs.getString("Rating");
String p = id_col + " " + film_name_col + " " + genre_col + " " + rating_col;
System.out.println(p);
//System.out.format("%32s%10d%16s", id_col , film_name_col, genre_col, rating_col);
}
*/
}
catch (SQLException err)
{
System.out.println(err.getMessage());
}
}
public void GetUserInput()
{
System.out.println();
System.out.println("What would you like to do? Choose one of the following options.");
System.out.println("1. Display DVD library list");
System.out.println("2. Add a new film to database.");
System.out.println("3. Delete a film from the database.");
System.out.println();
Scanner user_option_selection = new Scanner(System.in);
selection = user_option_selection.next();
if(selection.equalsIgnoreCase("1"))
{
DisplayDVDList();
}
else if(selection.equalsIgnoreCase("2"))
{
AddRecord();
}
else if(selection.equalsIgnoreCase("3"))
{
DeleteRecord();
}
else
{
System.out.println("Incorrect option entered. Please try again.");
}
}
public void DisplayDVDList()
{
try
{
String SQL = "SELECT * FROM ANDYSHORT.DVDS";
rs = stmt.executeQuery(SQL);
System.out.println("ID Film Name Genre Rating");
System.out.println("-------------------------------");
while (rs.next())
{
int id_col = rs.getInt("ID");
String film_name_col = rs.getString("Film_Name");
String genre_col = rs.getString("Genre");
String rating_col = rs.getString("Rating");
String p = id_col + " " + film_name_col + " " + genre_col + " " + rating_col;
System.out.println(p);
//System.out.format("%32s%10d%16s", id_col , film_name_col, genre_col, rating_col);
}
}
catch (SQLException err)
{
System.out.println(err.getMessage());
}
GetUserInput();
}
public void AddRecord()
{
Scanner new_film_details = new Scanner(System.in);
System.out.println("Please enter film name: ");
film_name = new_film_details.next();
System.out.println("Please enter film genre: ");
genre = new_film_details.next();
System.out.println("Please enter film rating: ");
rating = new_film_details.next();
try
{
rs.last();
id_num = rs.getRow();
id_num = id_num + 1;
rs.moveToInsertRow();
rs.updateInt("ID", id_num);
rs.updateString("FILM_NAME", film_name);
rs.updateString("GENRE", genre);
rs.updateString("RATING", rating);
rs.insertRow();
//stmt.close( );
//rs.close( );
}
catch(SQLException err)
{
System.out.println(err.getMessage());
}
GetUserInput();
}
public void DeleteRecord()
{
String id = "";
Scanner id_of_film_to_delete= new Scanner(System.in);
System.out.println("Enter ID of film you want to delete.");
id = id_of_film_to_delete.next();
int idInt = Integer.parseInt(id);
try
{
stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
String sql = "SELECT * FROM ANDYSHORT.DVDS WHERE ID =" + idInt;
rs = stmt.executeQuery(sql);
rs.deleteRow();
}
catch(SQLException err)
{
System.out.println(err.getMessage());
}
GetUserInput();
}
}
use directly this query
"DELETE FROM ANDYSHORT.DVDS WHERE ID =" + idInt;
String sql = "DELETE FROM ANDYSHORT.DVDS WHERE ID=?";
PreparedStatement statement = conn.prepareStatement(sql);
statement.setString(1, "+ idInt+");
int rowsDeleted = statement.executeUpdate();
if (rowsDeleted > 0) {
System.out.println(" delete successfully!");
}
Use prepared statements to avoid SQL injection:
PreparedStatement statement;
statement = con.prepareStatement("DELETE FROM andyshort.dvds WHERE id = ?");
statement.setInt(1, idToDelete);
statement.executeUpdate();
You can directly use delete query if you have the Id before hand.
String sql = "DELETE FROM ANDYSHORT.DVDS WHERE ID =" + idInt;
stmt.executeUpdate(sql);
But, it's better to use prepared statements instead of statements in order to avoid sql injection attacks.
String query= "DELETE FROM ANDYSHORT.DVDS WHERE ID = ? ";
PreparedStatement preparedStatement = con.prepareStatement(query);
preparedStatement.setInt(1,idInt);
preparedStatement.executeUpdate();
You need to move the cursor to the first row before deleting the row, if you want to use deleteRow() method.
rs.first();
rs.deleteRow();