package Add;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionForward;

public class AddSuccessAction extends Action 
{
	private final static String SUCCESS = "success";

	public ActionForward execute(ActionMapping mapping, ActionForm form,
			HttpServletRequest request, HttpServletResponse response)
			throws Exception 
{
		MyBean bean = (MyBean) form;
		String cityName = bean.getCn();
		String pincode = bean.getPc();
		
		Connection con = null;
		ResultSet rs = null;
        PreparedStatement stmt = null;
		
		String connectionURL = "jdbc:mysql://localhost:3306/city"; 
		
		try 
		{ 
		    Class.forName("com.mysql.jdbc.Driver"); 
		    con = DriverManager.getConnection (connectionURL,"root","welcome12#"); 
		    String sq = "SELECT city_name,pincode from data ";
			stmt = con.prepareStatement(sq);
			rs = stmt.executeQuery();
			boolean flag = false;
			while (rs.next()) 
			{
				String pic = rs.getString(pincode);
				
				if(pic=="pincode")
				{
					System.out.println("Pincode already exists");
					flag = true;
				}
			}
			if(!flag)
			{
				String sql = "INSERT INTO city (city name,pincode) VALUES('"+cityName+','+pincode+"')";
				stmt = con.prepareStatement(sql);
				stmt.executeUpdate();
			}
		}
		catch (SQLException e) 
		{ 
		    e.printStackTrace(); 
		} 
		catch (Exception e) 
		{ 
		    e.printStackTrace(); 
		} 
		finally 
		{ 
			stmt.close();
			con.close(); 
		} 
		return mapping.findForward(SUCCESS);
	}

}

Recommended Answers

String pic = rs.getString("pincode");

not

String pic = rs.getString(pincode);

Also, use a preparedStatement, cobbling a statement together using String concatenation like you've done is just begging for trouble. Maybe only as innocent as a mistyped user input string that causes the SQL to fail …

Jump to Post

All 3 Replies

String pic = rs.getString("pincode");

not

String pic = rs.getString(pincode);

Also, use a preparedStatement, cobbling a statement together using String concatenation like you've done is just begging for trouble. Maybe only as innocent as a mistyped user input string that causes the SQL to fail with a syxntax error, or as damaging as an intentional SQL Injection attack.

Edit: And this

if(pic=="pincode")

is probably backwards, too.

Edit: Ignore this, masijade already spotted error
First check your name spelling for tables and columns used if you have any spelling mistakes (can check it as you failed to provide database or affected tables specs)

In the future please post full error message not just section.

String pic = rs.getString("pincode");

not

String pic = rs.getString(pincode);

Also, use a preparedStatement, cobbling a statement together using String concatenation like you've done is just begging for trouble. Maybe only as innocent as a mistyped user input string that causes the SQL to fail with a syxntax error, or as damaging as an intentional SQL Injection attack.

Edit: And this

if(pic=="pincode")

is probably backwards, too.

Hi.i just rectified the error.i should have used if(pic.equals(pincode)) instead of if(pic=="pincode"). :P
i am a newbie.
thanks for replying neways. :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.