Results 1 to 13 of 13
  1. #1
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default Adding jTextField() content to the database?

    Hello, I am new to the databases... so kindly bear my mistakes in the coding..

    I want to store the data entered by the user into the database Oracle 9i...I wan t to know if such a statement would work?? It is actually not working on my ide..:eek:

    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + "values +('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    The Quieter you become the more you are able to hear !

  2. #2
    javastuden's Avatar
    javastuden is offline Senior Member
    Join Date
    Nov 2009
    Posts
    160
    Rep Power
    5

    Default

    Hi,
    welcome to forum,
    do you have any exception on doing this

    thank you

  3. #3
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    Yes actually its "Exception"
    The Quieter you become the more you are able to hear !

  4. #4
    r035198x is offline Senior Member
    Join Date
    Aug 2009
    Posts
    2,388
    Rep Power
    8

    Default

    Use a PreparedStatement, put e.printStackTrace in your catch blocks and post the full stack trace if you still get the exception.

  5. #5
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    thnx for replying..:)

    I have actually worked with the prepared statement.. but i want to know whether the above code as such can work..

    Java Code:
                String str = "insert into rms_accountstore( invoice_type, customer_name, customer_address, tin_number) values(?, ?, ?, ?)";
                statement = connection.prepareStatement(str);
    
                if (jRadioButton1_flag) {
                    statement.setString(1, "sales" );
                } else if (jRadioButton2_flag) {
                    statement.setString(1, "tax" );
                }
                statement.setString(2, jTextField1.getText());
                statement.setString(3, jTextField2.getText());
                statement.setString(4, jTextField3.getText());
    
                statement.executeUpdate();

    By above code i mean...
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + "values +('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    I mean if such statements are possible then programming is fun.:D
    The Quieter you become the more you are able to hear !

  6. #6
    r035198x is offline Senior Member
    Join Date
    Aug 2009
    Posts
    2,388
    Rep Power
    8

    Default

    They are possible but strongly discouraged because they don't always work.

  7. #7
    JosAH's Avatar
    JosAH is online now Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,450
    Blog Entries
    7
    Rep Power
    20

    Default

    Quote Originally Posted by Stephen Douglas View Post
    I mean if such statements are possible then programming is fun.:D
    Sure, it can work that way but it reminds me of this xkcd comic.

    kind regards,

    Jos

  8. #8
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Unhappy

    I mean this syntax is not actually working !!
    I can't find the mistakes in the snippet.Please help.

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + "values +('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    The Quieter you become the more you are able to hear !

  9. #9
    JosAH's Avatar
    JosAH is online now Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,450
    Blog Entries
    7
    Rep Power
    20

    Default

    Quote Originally Posted by Stephen Douglas View Post
    I mean this syntax is not actually working !!
    I can't find the mistakes in the snippet.Please help.

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + "values +('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    I bet you have some quotes wrong (I'm too lazy to figure it out for you); better use a PreparedStatement so it can do it for you and you don't have to bother. Even more better: you are not sensitive to sql-injection attacks that way. (also see my comic reference in my previous reply).

    kind regards,

    Jos

  10. #10
    Stephen Douglas's Avatar
    Stephen Douglas is offline Senior Member
    Join Date
    Mar 2010
    Posts
    137
    Rep Power
    0

    Default

    :( No thnx.
    (also see my comic reference in my previous reply)
    The Quieter you become the more you are able to hear !

  11. #11
    porchrat is offline Senior Member
    Join Date
    Mar 2009
    Posts
    105
    Rep Power
    0

    Default

    Try this:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number) values ('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");


    Looks like your quotes were wrong over here in the bold part:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + [B]"values +('"[/B] + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    the + was being included in the string, you really don't need the + there at all as that should be one String until you get to the first variable.


    If however for some weird reason you wish to keep the + there (perhaps you are attached to it and think of it like a son :p) then something like this might help:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number) " + [B]"values " + "('"[/B] + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    I am not a java guru but I thought that might work. Let us know if it helps.
    Last edited by porchrat; 04-07-2010 at 05:05 PM.

  12. #12
    JosAH's Avatar
    JosAH is online now Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,450
    Blog Entries
    7
    Rep Power
    20

    Default

    Quote Originally Posted by porchrat View Post
    Try this:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number) values ('" + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");


    Looks like your quotes were wrong over here in the bold part:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number)" + [B]"values +('"[/B] + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    the + was being included in the string, you really don't need the + there at all as that should be one String until you get to the first variable.


    If however for some weird reason you wish to keep the + there (perhaps you are attached to it and think of it like a son :p) then something like this might help:

    Java Code:
    statement.executeUpdate("insert into rms_accountstore( customer_name, customer_address, tin_number) " + [B]"values " + "('"[/B] + jTextField1.getText() + "', '" + jTextField2.getText() + "', '" + jTextField3.getText()+")");
    I am not a java guru but I thought that might work. Let us know if it helps.
    Cool, now let the text in the first field be "foo', 'bar', 10)'; drop systable; //" or whatever the sql comment character sequence is and the value of the other fields be anything; that's sql injection; PreparedStatements prohibit such hacks.

    kind regards,

    Jos

  13. #13
    porchrat is offline Senior Member
    Join Date
    Mar 2009
    Posts
    105
    Rep Power
    0

    Default

    Quote Originally Posted by JosAH View Post
    Cool, now let the text in the first field be "foo', 'bar', 10)'; drop systable; //" or whatever the sql comment character sequence is and the value of the other fields be anything; that's sql injection; PreparedStatements prohibit such hacks.

    kind regards,

    Jos
    LOL fair enough. You have warned the guy, if he wishes to carry on regardless then it is his problem.

Similar Threads

  1. Replies: 3
    Last Post: 01-07-2010, 12:07 PM
  2. Replies: 2
    Last Post: 05-30-2009, 10:42 AM
  3. Replies: 1
    Last Post: 01-30-2009, 06:44 PM
  4. Problem Adding Content To JTabbedPane
    By JDCAce in forum AWT / Swing
    Replies: 5
    Last Post: 10-18-2008, 09:45 AM
  5. Clean the content of the JTextField
    By elizabeth in forum AWT / Swing
    Replies: 1
    Last Post: 07-26-2007, 08:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •