Thank you VERY much! It worked!!!!!
I am currently using MySQL as my backend which does not support
pre-compilation of queries so I do not get the full benefits of the
preparedStatment BUT the fact that I can do this and not worry about
escaping stuff is great!.
Thanks to everyone who jumped in. Also appreciate the code samples that
people sent.
Anil
On Fri, 2 Feb 2001, Hung Yee wrote:
> The 'setString()' and 'setInt()' are methods that expect arguments, not
> variables that can receive an assignment! Try this:
>
> <% Connection objConn = java.sql.DriverManager.getConnection (strJDBCurl);
> %>
> <%
> String strSQL = "INSERT INTO codelist
> (title,description,section_id,keywords,code)" +
> " VALUES (?,?,?,?,?)";
>
> PreparedStatement objPStmt = objConn.prepareStatement(strSQL);
> objPStmt.setString(1, request.getParameter("txtTitle"));
> objPStmt.setString(2, request.getParameter("txtDescription"));
> objPStmt.setInt(3,Integer.parseInt(request.getParameter("selSection")));
> objPStmt.setString(4, request.getParameter("txtKeywords"));
> objPStmt.setString(5, request.getParameter("txtCode"));
> objPStmt.executeUpdate();
>
> %>
>
> -----Original Message-----
> From: Anil John [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 9:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Escaping ' in a SQL INSERT
>
>
> Thank you... I did that, and If I've followed the instructions the
> following code should work (I hope!).
>
> <% Connection objConn = java.sql.DriverManager.getConnection (strJDBCurl);
> %>
> <%
> String strSQL = "INSERT INTO codelist
> (title,description,section_id,keywords,code)" +
> " VALUES (?,?,?,?,?)";
>
> PreparedStatement objPStmt = objConn.prepareStatement(strSQL);
> objPStmt.setString = (1, request.getParameter("txtTitle"));
> objPStmt.setString = (2, request.getParameter("txtDescription"));
> objPStmt.setInt = (3,
> Integer.parseInt(request.getParameter("selSection")));
> objPStmt.setString = (4, request.getParameter("txtKeywords"));
> objPStmt.setString = (5, request.getParameter("txtCode"));
> objPStmt.executeUpdate();
>
> %>
>
> It does not.
>
> I get the following error:
>
> ')' expected.
>
> objPStmt.setString = (1, request.getParameter("txtTitle"));
> ^
>
> What did I do wrong?
>
> Anil
>
>
>
>
>
> On Fri, 2 Feb 2001, Hung Yee wrote:
>
> > Take a look at Sun's tutorial on JDBC (Java DataBase Connectivity) - it
> > explains all the basics, including the difference between Statement
> objects
> > and PreparedStatement objects:
> > http://www.java.sun.com/docs/books/tutorial/jdbc/index.html
> >
> > Also, here's a link to the JDBC API:
> > http://java.sun.com/j2se/1.3/docs/api/java/sql/package-summary.html
> >
> > Other JDBC links that might interest you:
> > http://java.sun.com/j2se/1.3/docs/guide/jdbc/index.html
> > http://www.java.sun.com/products/jdbc/index.html
> >
> > Good luck.
> >
> > -----Original Message-----
> > From: Anil John [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, February 02, 2001 7:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Escaping ' in a SQL INSERT
> >
> >
> > Joseph,
> >
> > Thank you.. That was exactly what I was looking for...
> >
> > Is there any performance or state penalty associcated with using a
> > preparedstatement vs the regular statement?
> >
> > Anil
> >
> >
> > On Fri, 2 Feb 2001, Joseph Ottinger wrote:
> >
> > > Ah. This is a common JDBC problem; I've been casually watching the
> > > JSP-Interest list (very casually, since my email is a little screwed up
> at
> > > the moment) and just now realised nobody was really giving you any
> useful
> > > information.
> > >
> > > PreparedStatement ps=connection.createPreparedStatement(
> > > "insert into mytable (field1) values (?)"
> > > );
> > > ps.setString(1, "O'Malley");
> > > ps.execute();
> > >
> > > This will insert "O'Malley", properly escaped and all, into the
> database.
> > In
> > > addition, there's no parsing, no string building; if you're doing a lot
> of
> > > inserts, all you'd do is setString(1) over and over again, then
> re-execute
> > > (I'm ignoring batch updates, I know.)
> > >
> > > >No special reason expect ignorance :)
> > > >
> > > >As I mentioned, I am new to JSP. It would appear that I need to read a
> > > >little bit more...
> > > >
> > > >Thank you..
> > > >
> > > >Anil
> > > >
> > > >
> > > >On Fri, 2 Feb 2001, Joseph Ottinger wrote:
> > > >
> > > > > Is there any special reason you can't use a PreparedStatement, since
> > > >they
> > > > > handle escaping for you?
> > > > >
> > > > > >I understand that...Just don't want to do that manually :)
> > > > > >
> > > > > >Would rather use a replace function to to which I can feed in a
> > string
> > > >and
> > > > > >tell it to do the replace as you suggest. What I am looking for is
> > the
> > > > > >existance of such a function and some code samples that people have
> > > >used.
> > > > > >
> > > > > >Anil
> > > > > >
> > > > > >
> > > > > >On Fri, 2 Feb 2001, Chitra Muthukrishnan wrote:
> > > > > >
> > > > > > > Use double single quote .
> > > > > > > For example,
> > > > > > > if you want to insert ab'c, your insert statement will be like
> > this
> > > >:
> > > > > > >
> > > > > > > insert into tablename(field1) values(value1,'ab''c);
> > > > > > >
> > > > > > > M.Chitra
> > > > > > > www.3rdagenda.com
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: Anil John <[EMAIL PROTECTED]>
> > > > > > > To: <[EMAIL PROTECTED]>
> > > > > > > Sent: Friday, February 02, 2001 6:56 AM
> > > > > > > Subject: Escaping ' in a SQL INSERT
> > > > > > >
> > > > > > >
> > > > > > > > Greetings,
> > > > > > > >
> > > > > > > > I am new to JSP, so if this question has been asked and
> aswered
> > > > > >before,
> > > > > > > > please point me to the FAQ.
> > > > > > > >
> > > > > > > > If not, could someone provide a code sample of how you escape
> a
> > '
> > > >when
> > > > > > > > doing a SQL Insert in JSP?
> > > > > > > >
> > > > > > > > I am familiar with the VBScript replace function that would
> > allow
> > > >you
> > > > > >to
> > > > > > > > do this and am hoping that there is a corresponding JSP
> > function.
> > > > > > > >
> > > > > > > > Anil
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> _______________________________________________________________
> > > > > > > > Anil John
> > > > > > > > [EMAIL PROTECTED] [PGP Key Available]
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > > >
> >
> >===========================================================================
> > > > > > > > To unsubscribe: mailto [EMAIL PROTECTED] with body:
> "signoff
> > > > > > > JSP-INTEREST".
> > > > > > > > For digest: mailto [EMAIL PROTECTED] with body: "set
> > > >JSP-INTEREST
> > > > > > > DIGEST".
> > > > > > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > > > > > >
> > > > > > > > http://java.sun.com/products/jsp/faq.html
> > > > > > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > > >
> >
> >===========================================================================
> > > > > > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > > > >JSP-INTEREST".
> > > > > > > For digest: mailto [EMAIL PROTECTED] with body: "set
> > > >JSP-INTEREST
> > > > > >DIGEST".
> > > > > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > > > > >
> > > > > > > http://java.sun.com/products/jsp/faq.html
> > > > > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >--
> > > > > >_______________________________________________________________
> > > > > >Anil John
> > > > > >[EMAIL PROTECTED] [PGP Key Available]
> > > > > >
> > > > >
> > > >
> >
> >===========================================================================
> > > > > >To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > > > > >JSP-INTEREST".
> > > > > >For digest: mailto [EMAIL PROTECTED] with body: "set
> JSP-INTEREST
> > > > > >DIGEST".
> > > > > >Some relevant FAQs on JSP/Servlets can be found at:
> > > > > >
> > > > > > http://java.sun.com/products/jsp/faq.html
> > > > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > > > >
> > > > > _________________________________________________________________
> > > > > Get your FREE download of MSN Explorer at http://explorer.msn.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >--
> > > >_______________________________________________________________
> > > >Anil John
> > > >[EMAIL PROTECTED] [PGP Key Available]
> > > >
> > >
> > > _________________________________________________________________
> > > Get your FREE download of MSN Explorer at http://explorer.msn.com
> > >
> > >
> >
> ===========================================================================
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> > DIGEST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > > http://java.sun.com/products/jsp/faq.html
> > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > >
> > >
> >
> > --
> > _______________________________________________________________
> > Anil John
> > [EMAIL PROTECTED] [PGP Key Available]
> >
> >
> ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> > DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> >
> ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> >
>
> --
> _______________________________________________________________
> Anil John
> [EMAIL PROTECTED] [PGP Key Available]
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
>
--
_______________________________________________________________
Anil John
[EMAIL PROTECTED] [PGP Key Available]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
