  1. #1
    java error : not an sql expression statement(jdbc)

    error : not an sql expression statement
    Getting an error in an SQL query to insert data in SQL Server 2005 using Java.
    Java Code:
    import java.sql.*;
    
    public class TaskBO 
    {
      public TaskBO()
      {
      }
     public boolean createtask(Taskdata taskdata) 
      {
        try 
        {
          Connection conn = DatabaseManager.getConnection();
          Statement stmt = conn.createStatement();
          String query = "insert into dbo.guru VALUES('"+taskdata.getTaskid() +"','" + taskdata.getTaskname() +"','"+taskdata.getDateOfBirth();"')";
          boolean result = stmt.execute(query);
          stmt.close();
    
        } catch (Exception ex) 
        {
          ex.printStackTrace();
        }
    
        return true;
      }
      }
    Please help.

  2. #2
    r035198x is offline Senior Member

    Use a PreparedStatement for setting those parameters and use the executeUpdate method for inserts.

  3. #3

    Why can't I use a string query? It can also be used.
    I just want to know where my SQL query statement is wrong.

  4. #4

    Please reply to the problem given.
    Last edited by gurpreet.singh; 03-22-2011 at 07:28 AM.

  5. #5
    r035198x is offline Senior Member

    Quote Originally Posted by gurpreet.singh View Post
    Why can't I use a string query? It can also be used...
    1.) PreparedStatements protect against SQL injection. With those strings I can pass you a string that completes your statement properly and then starts off another statement that deletes all your records.
    2.) PreparedStatements allow the queries to be cached so they don't have to be DB compiled every time you call the same statement with different parameters, so they are faster.
    3.) PreparedStatements allow you to set the parameters the correct way because they do all the quoting for you as well as type conversions, so you don't have to worry about escaping and DB type conversions yourself.

    Your current statement shouldn't even compile because you have
    Java Code:
    "+taskdata.getDateOfBirth();"')";
    instead of
    Java Code:
    "+taskdata.getDateOfBirth()+"')";

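The PreparedStatement insert recommended in this thread, as an added example that is not code from any of the posters. It assumes the first two columns of `dbo.guru` are strings and the third is a date, since `Taskdata` and the table definition are not shown; the class name, method signatures and sample values are hypothetical.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class TaskInsertExample {

    // Same table and value order as the thread's query; column types are assumed.
    static final String INSERT_SQL = "INSERT INTO dbo.guru VALUES (?, ?, ?)";

    // The thread's concatenation approach (with the ';' typo fixed), kept only
    // to show what text would reach the database.
    static String concatenatedQuery(String id, String name, Date dob) {
        return "insert into dbo.guru VALUES('" + id + "','" + name + "','" + dob + "')";
    }

    // Parameterized insert: values travel as bound parameters, never as SQL text.
    // Returns true only if exactly one row was inserted; errors go to the caller
    // instead of being swallowed.
    static boolean createTask(Connection conn, String id, String name, Date dob)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, id);
            ps.setString(2, name);
            ps.setDate(3, dob);
            return ps.executeUpdate() == 1;
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: a legitimate name that contains a quote.
        String id = "T-1";
        String name = "O'Brien";
        Date dob = Date.valueOf("1990-04-12");

        // The quote ends the string literal early, so this statement is malformed.
        System.out.println("Concatenated:  " + concatenatedQuery(id, name, dob));
        System.out.println("Parameterized: " + INSERT_SQL);

        // Optional: pass a JDBC URL (driver on the classpath) to run the insert.
        if (args.length == 1) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println("Inserted: " + createTask(conn, id, name, dob));
            }
        }
    }
}
```

Run without arguments, it only prints the two query texts; the concatenated one shows the stray quote inside the name, while the parameterized text never changes with the input.
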
  6. #6
    DarrylBurke is offline Member

  7. #7

    Okay sir, so please tell me the same query using prepared statements. How do I do the same insert into query, updated with data entered by the user?

  8. #8
    r035198x is offline Senior Member