  1. #1
    bikkerss is offline Member

    Someone who would take a look at this

    I try to fill up a database using the value of a textbox,

    but if I use

    DATABANK dbvoegtoe= new DATABANK("insert into MEDERWERKERS(MEDEWERKERNAAM) values('"+String.valueOf(medewerker.getText()),true);

    it uses the inserted text as part of the SQL statement, not as a value.

    Field names are correct.

    The true part I use as a flag for handling errors.
    Last edited by bikkerss; 01-21-2010 at 08:31 PM.

  2. #2
    masijade is offline Senior Member


    First of all, you are missing the closing '.

    Secondly, you shouldn't be concatenating user values directly into an SQL statement like that. What happens if the value entered is
    Java Code:
    ';delete * from MEDERWERKERS;--
    Use a PreparedStatement.

    Thirdly, there is no way we can be certain what is happening, as this "DATABANK" class is definitely not part of the JDK.
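As an added example (not code from either post, and not the DATABANK class, whose API is unknown here), this is the same insert written against plain java.sql with a PreparedStatement. The JDBC URL is a placeholder to be replaced with the real one, the table and column names are taken from the thread, and the count query only assumes that table exists. Because the name is bound with setString, the driver passes it to the database as data, so the payload quoted above is stored as an ordinary employee name rather than executed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class MedewerkerInsert {
    // Hypothetical JDBC URL: replace with the real driver/database URL.
    private static final String JDBC_URL = "jdbc:PLACEHOLDER_DRIVER://localhost/PLACEHOLDER_DB";

    /**
     * Inserts one employee name. The '?' placeholder is filled by the driver,
     * so the text is never spliced into the SQL string and needs no quoting.
     */
    public static int insertMedewerker(Connection conn, String naam) throws SQLException {
        String sql = "INSERT INTO MEDERWERKERS (MEDEWERKERNAAM) VALUES (?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, naam);        // bound as a value, whatever characters it contains
            return ps.executeUpdate();    // number of rows inserted
        }
    }

    /**
     * Counts rows whose name equals the given text exactly, to confirm that
     * the value was stored literally rather than interpreted as SQL.
     */
    public static int countByName(Connection conn, String naam) throws SQLException {
        String sql = "SELECT COUNT(*) FROM MEDERWERKERS WHERE MEDEWERKERNAAM = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, naam);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: a normal name plus the string from the
        // reply above. In this form it is just a name the textbox delivered.
        String[] inputs = { "Jan Jansen", "';delete * from MEDERWERKERS;--" };
        try (Connection conn = DriverManager.getConnection(JDBC_URL)) {
            for (String naam : inputs) {
                int rows = insertMedewerker(conn, naam);
                boolean storedLiterally = countByName(conn, naam) >= 1;
                System.out.println(rows + " row(s) inserted; stored literally: " + storedLiterally);
            }
        }
    }
}
```

In the original code the textbox value is read with medewerker.getText(); pass that String to insertMedewerker instead of building the statement by concatenation. The try-with-resources blocks close the statement and result set even when an SQLException is thrown, which is where an error flag like the boolean in the question would normally be handled by the caller.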
