Java RSS Java RSS

Need help with SQL embedded in Java

Reply

Join Date: Sep 2007
Posts: 4
Reputation: mat111 is an unknown quantity at this point 
Solved Threads: 0
mat111 mat111 is offline Offline
Newbie Poster

Need help with SQL embedded in Java

 
0
  #1
Sep 10th, 2007
Hello all,

Am new here, so please bear with me - if i dont get some things right!

Okie Dokie. Lets get started.

I was working with Tomcat/Servlet/ODBC.

I created a table in MS Access. Created the Connection, Statement, query and everything. I want to retrieve the information from the table depending on the search criterion(like for ex.in the html page I send the Last Name, catch that in servlet, and then use that to get the required data from the table). Now here's my problem, when i write the following, the Tomcat container gives errors-saying "...Syntax Error(missing operator) in query expression 'Last name=mat'...".

Java Syntax (Toggle Plain Text) 
  1. ResultSet rs=st.executeQuery("Select * from Employees where Last Name="+request.getParameter("LastName"));//'st' is the Statement object.

I initially thought the problem was in catching the parameter(but it wasn't so,) 'cause i did the following, and i got the output in the container console.

Java Syntax (Toggle Plain Text) 
  1. String LastName=request.getParameter("LastName");
  2. System.out.println(LastName);//'request' is the object of HttpServletRequest

ok, now since i got the Parameter read in my servlet from the html page, i tried the following;

Java Syntax (Toggle Plain Text) 
  1. ResultSet rs=st.executeQuery("Select * from Employees where Last Name="+LastName);

but again the result was no different from the earlier....

please help suggest what i can possibly do....

is there something i am missing?

thanx for reading,

Mat
Last edited by mat111; Sep 10th, 2007 at 2:57 am.
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 2,385
Reputation: masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of 
Solved Threads: 252
Moderator
masijade's Avatar
masijade masijade is offline Offline
Nearly a Posting Maven

Re: Need help with SQL embedded in Java

 
1
  #2
Sep 10th, 2007
The problem is quoting. The "last name" should be quoted in the SQL with single quotation marks ('). To avoid errors like this in the future (and to prevent SQL injection attacks), use PreparedStatement and its setString method. See the API for more information.
Java Programmer and Sun Systems Administrator

----------------------------------------------

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 4
Reputation: mat111 is an unknown quantity at this point 
Solved Threads: 0
mat111 mat111 is offline Offline
Newbie Poster

Re: Need help with SQL embedded in Java

 
0
  #3
Sep 11th, 2007
Originally Posted by masijade View Post
The problem is quoting. The "last name" should be quoted in the SQL with single quotation marks ('). To avoid errors like this in the future (and to prevent SQL injection attacks), use PreparedStatement and its setString method. See the API for more information.
Hello Masijade,

Thanx for replying. As you said, I did the following, but now the output is "Record not found"! I post the code for kind reference.

Java Syntax (Toggle Plain Text) 
  1. import java.io.*;
  2. import javax.servlet.*;
  3. import javax.servlet.http.*;
  4. import java.sql.*;
  5.  
  6. /**
  7.  * Servlet implementation class for Servlet: SelectStatement
  8.  *
  9.  */
  10.  public class SelectStatement extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
  11.     /* (non-Java-doc)
  12. 	 * @see javax.servlet.http.HttpServlet#HttpServlet()
  13. 	 */
  14. 	 Connection con;
  15.  
  16.  
  17. 	/* (non-Javadoc)
  18. 	 * @see javax.servlet.Servlet#destroy()
  19. 	 */
  20. 	public void destroy() {
  21. 		// TODO Auto-generated method stub
  22.  
  23. 		try
  24. 		{
  25. 			if(con!=null)
  26. 			{
  27. 				con.close();
  28. 			}
  29. 		}
  30. 		catch(Exception e)
  31. 		{
  32. 			e.printStackTrace();
  33. 		}
  34. 	}   	
  35.  
  36. 	/* (non-Java-doc)
  37. 	 * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
  38. 	 */
  39. 	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  40. 		// TODO Auto-generated method stub
  41.  
  42. 		try
  43. 		{
  44. 		response.setContentType("text/html");
  45.  
  46. 		PrintWriter pw=response.getWriter();
  47. 		Statement st=con.createStatement();
  48.  
  49. 		pw.println("<html>");
  50. 		pw.println("<body bgcolor='green'><center>");
  51.  
  52.  
  53. 		String elm=request.getParameter("EmpLastName");
  54. 		System.out.println(elm);
  55.  
  56. 		ResultSet rs=st.executeQuery("Select * from Employees where LastName='elm'");
  57.  
  58. 		ResultSetMetaData rsmd=rs.getMetaData();
  59. 		int count=rsmd.getColumnCount();
  60.  
  61. 		System.out.println(count);
  62.  
  63. 		if(rs.next())
  64. 		{
  65. 			pw.println("<h2>Employee Details.</h2>");
  66. 			pw.println("<table border=1 cellpadding=3 cellspacing=0>");
  67. 			pw.println("<tr>");
  68.  
  69. 			for(int i=1;i<=count;i++)
  70. 				pw.println("<th align=right width=100>"+rsmd.getColumnName(i)+"</th>");
  71.  
  72. 			    pw.println("</tr>");
  73. 				pw.println("<tr>");
  74.  
  75. 			for(int i=1;i<=count;i++)
  76. 				pw.println("<td align=right width=100>"+rs.getString(i)+"</td>");
  77.  
  78. 		}
  79. 		else
  80. 			pw.println("<h3>Record not found!!</h3>");
  81.  
  82. 		pw.println("</center></body></html>");
  83. 		pw.close();
  84. 		}
  85. 		catch(Exception e)
  86. 		{
  87. 			e.printStackTrace();
  88. 		}
  89.  
  90. 	}  	  	  	  
  91.  
  92. 	/* (non-Javadoc)
  93. 	 * @see javax.servlet.GenericServlet#init()
  94. 	 */
  95. 	public void init(ServletConfig config) throws ServletException {
  96. 		// TODO Auto-generated method stub
  97.  
  98. 		try{
  99.  
  100. 			Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
  101. 			String url="Jdbc:Odbc:MyEMP"; 
  102. 			con=DriverManager.getConnection(url);
  103.  
  104. 			System.out.println("-----------------------");
  105. 			System.out.println("Connection Establish!");
  106. 		}
  107. 		catch(Exception e)
  108. 		{
  109. 			System.out.println(e);
  110. 		}
  111. 	}   
  112. }

Appreciate any replies.

And btw, you asked to use PreparedStatement. Could you write a code snippet? As I understand, PreparedStatement interface is generally used for inserting or updating data into the table, but not for retrieving?

-regds,

Mat
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 2,385
Reputation: masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of 
Solved Threads: 252
Moderator
masijade's Avatar
masijade masijade is offline Offline
Nearly a Posting Maven

Re: Need help with SQL embedded in Java

 
0
  #4
Sep 11th, 2007
Java Syntax (Toggle Plain Text) 
  1. ResultSet rs=st.executeQuery("Select * from Employees where LastName='elm'");
should be
Java Syntax (Toggle Plain Text) 
  1. ResultSet rs=st.executeQuery("Select * from Employees where LastName='" + elm + "'");

PS as follows:
Java Syntax (Toggle Plain Text) 
  1. PreparedStatement ps = conn.prepareStatement("Select * from Employees where LastName=?")
  2. ps.setString(1, elm);
  3. ResultSet rs = ps.executeQuery();
Last edited by masijade; Sep 11th, 2007 at 10:01 am. Reason: Double open parens (oops)
Java Programmer and Sun Systems Administrator

----------------------------------------------

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
Reply With Quote Quick reply to this message  
Join Date: Aug 2007
Posts: 80
Reputation: lookof2day is an unknown quantity at this point 
Solved Threads: 10
lookof2day lookof2day is offline Offline
Junior Poster in Training

Re: Need help with SQL embedded in Java

 
0
  #5
Sep 11th, 2007
You can also use JDBC 2.0 enhancements. Try the following code for inserting.
ResultSet rs = statement.executeQuery("Select * from Employees");
rs.moveToInsertRow();
rs.updateString("LastName","mat111");
rs.updateString("FirstName","mat111");
rs.insertRow();
rs.moveToCurrentRow();

There are updateXXX() methods for different data types available. Plus it makes the code more readable. The same updateXXX() methods can also be used to update rows. You would only require to move to the row to be updated.

you can fire an update query as:
rs = statement.executeQuery("SELECT EMP_NAME FROM Employees where EMP_CODE=" + empCode );
int row = rs.getRow(); // returns the absolute value of row to be updated.

rs.absolute(row);//move the cursor to the row to be updated.
rs.updateString("LastName","mat111");
rs.updateString("FirstName","mat111");
rs.updateRow();//notice the difference.
rs.moveToCurrentRow();
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 2,385
Reputation: masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of masijade has much to be proud of 
Solved Threads: 252
Moderator
masijade's Avatar
masijade masijade is offline Offline
Nearly a Posting Maven

Re: Need help with SQL embedded in Java

 
0
  #6
Sep 11th, 2007
That would be true, if he were, in this instance, interested in doing any updates.
Java Programmer and Sun Systems Administrator

----------------------------------------------

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
--Brian Kernighan
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 4
Reputation: mat111 is an unknown quantity at this point 
Solved Threads: 0
mat111 mat111 is offline Offline
Newbie Poster

Re: Need help with SQL embedded in Java

 
0
  #7
Sep 11th, 2007
Thanx jade bro........that was something.....
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 4
Reputation: mat111 is an unknown quantity at this point 
Solved Threads: 0
mat111 mat111 is offline Offline
Newbie Poster

Re: Need help with SQL embedded in Java

 
0
  #8
Sep 11th, 2007
thanx lookof2day....for your time man!

take it ez.

Mat
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Java Forum
Thread Tools Search this Thread



2dgraphics 3d @param affinetransform android api applet application arc arguments array arrays automation banking binary bluetooth byte chat chatprogramusingobjects class client code color compare component count database design detection eclipse eclipsedevelopment encryption error fractal game givemetehcodez graphics gridlayout gui guitesting helpwithhomework html ide if_statement image input integer interface j2me java java.xls javadesktopapplications javaprojects jni jpanel julia keytool keyword linux list loop macintosh map method methods mobile netbeans newbie object os pong problem producer program programming project projectideas read recursion reference replaysolutions rim scanner server set size sms sort sql string swing terminal threads transforms tree ui unicode validation web windows
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC