Hi everyone

-In the code below, the line marked by *** is where I read my text field.
-The value of the text field is stored into a variable "InputUserName".
-My question is: What do I put in the place of @@@@@ so as to have the same variable "InputUserName" referenced?
-I want to search/query my db by whatever the user enters as his username.
I'm on jdk1.5.0

Thanks in advance

Driver d = (Driver)Class.forName("sun.jdbc.odbc.JdbcOdbcDriver").newInstance();
String URL = "jdbc:odbc:" + "CMSC446";
con = DriverManager.getConnection(URL, "", "");
statement = con.createStatement();
*** InputUserName = username.getText();	//reading the Text field
result = statement.executeQuery("SELECT password FROM terry WHERE username =@@@@@");

InputPassword = Inpassword.getText();      //reading password field
result.next();                             //move to the first row before reading it
String dbPassword = result.getString("password"); //obtaining db password

if (dbPassword.equals(InputPassword))

>>result = statement.executeQuery("SELECT password FROM terry
WHERE username =@@@@@");

just put it right in ;-)

result = statement.executeQuery("SELECT password FROM terry WHERE username =" + InputUserName);

Just realise that executeQuery just takes in a String and you may compose Strings whichever way you want.
If InputUserName="cosi", then

"SELECT password FROM terry WHERE username="+InputUserName
"SELECT password FROM terry WHERE username=cosi"

The only thing you have to watch out for is that you must encode your strings if you expect non-alphanumeric symbols. URLEncoder/URLDecoder is a cheap way to go about it...

An alternative strategy is to use PreparedStatements. (See http://java.sun.com/j2se/1.4.2/docs/api/java/sql/PreparedStatement.html)

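// requires: import java.math.BigDecimal;
PreparedStatement pstmt = con.prepareStatement(
        "UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");
pstmt.setBigDecimal(1, new BigDecimal("153833.00")); // setBigDecimal takes a BigDecimal, not a double
pstmt.setInt(2, 110592);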

Hope this helps!
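
Applied to the query in the question, the PreparedStatement approach looks like the following. This is an added example, not part of the original posts; the class name LoginLookup, its method names, the sample input and the JDBC URL argument are assumptions, and it needs Java 7 or later for try-with-resources.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginLookup {

    // What string concatenation sends to the database: the user's text
    // becomes part of the SQL statement itself (quotes added here so the
    // value is at least a string literal).
    static String concatenated(String inputUserName) {
        return "SELECT password FROM terry WHERE username = '" + inputUserName + "'";
    }

    // Parameterized lookup: the SQL text is fixed and the user name is bound
    // as data, so quotes or other symbols in it cannot change the statement.
    // Returns null when no row matches.
    static String lookupPassword(Connection con, String inputUserName)
            throws SQLException {
        String sql = "SELECT password FROM terry WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, inputUserName);
            try (ResultSet rs = ps.executeQuery()) {
                // The cursor starts before the first row; next() must
                // succeed before getString() may be called.
                return rs.next() ? rs.getString("password") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String inputUserName = "O'Brien"; // constructed sample input
        // With concatenation the apostrophe ends the SQL string literal early.
        System.out.println(concatenated(inputUserName));

        if (args.length == 0) { // hypothetical usage: pass your own JDBC URL
            System.out.println("usage: java LoginLookup <jdbc-url>");
            return;
        }
        try (Connection con = DriverManager.getConnection(args[0])) {
            String dbPassword = lookupPassword(con, inputUserName);
            System.out.println(dbPassword == null ? "no such user" : "user found");
        }
    }
}
```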

