0
package Add;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionForward;

public class AddSuccessAction extends Action 
{
	private final static String SUCCESS = "success";

	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception 
{
		MyBean bean = (MyBean) form;
		String cityName = bean.getCn();
		String pincode = bean.getPc();
		
		Connection con = null;
		ResultSet rs = null;
        PreparedStatement stmt = null;
		
		String connectionURL = "jdbc:mysql://localhost:3306/city"; 
		
		try 
		{ 
		    Class.forName("com.mysql.jdbc.Driver"); 
		    con = DriverManager.getConnection (connectionURL,"root","welcome12#"); 
		    String sq = "SELECT city_name,pincode from data ";
			stmt = con.prepareStatement(sq);
			rs = stmt.executeQuery();
			boolean flag = false;
			while (rs.next()) 
			{
				String pic = rs.getString(pincode);
				
				if(pic=="pincode")
				{
					System.out.println("Pincode already exists");
					flag = true;
				}
			}
			if(!flag)
			{
				String sql = "INSERT INTO city (city name,pincode) VALUES('"+cityName+','+pincode+"')";
				stmt = con.prepareStatement(sql);
				stmt.executeUpdate();
			}
		}
		catch (SQLException e) 
		{ 
		    e.printStackTrace(); 
		} 
		catch (Exception e) 
		{ 
		    e.printStackTrace(); 
		} 
		finally 
		{ 
			stmt.close();
			con.close(); 
		} 
		return mapping.findForward(SUCCESS);
	}

}
3
Contributors
3
Replies
5
Views
7 Years
Discussion Span
Last Post by vishalanuj
0
String pic = rs.getString("pincode");

not

String pic = rs.getString(pincode);

Also, use a preparedStatement, cobbling a statement together using String concatenation like you've done is just begging for trouble. Maybe only as innocent as a mistyped user input string that causes the SQL to fail with a syxntax error, or as damaging as an intentional SQL Injection attack.

Edit: And this

if(pic=="pincode")

is probably backwards, too.

Edited by masijade: n/a

0

Edit: Ignore this, masijade already spotted error
First check your name spelling for tables and columns used if you have any spelling mistakes (can check it as you failed to provide database or affected tables specs)

In the future please post full error message not just section.

Edited by peter_budo: Edit

0
String pic = rs.getString("pincode");

not

String pic = rs.getString(pincode);

Also, use a preparedStatement, cobbling a statement together using String concatenation like you've done is just begging for trouble. Maybe only as innocent as a mistyped user input string that causes the SQL to fail with a syxntax error, or as damaging as an intentional SQL Injection attack.

Edit: And this

if(pic=="pincode")

is probably backwards, too.

Hi.i just rectified the error.i should have used if(pic.equals(pincode)) instead of if(pic=="pincode"). :P
i am a newbie.
thanks for replying neways. :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.