Use a prepared statement instead:

String question = req.getParameter("customer_question");
String sql = "insert into customer (customer_question) values (?)";
PreparedStatement ps = con.prepareStatement(sql);
ps.setString(1, question);
ps.executeUpdate();

Regards,
Bob

------------------------------------------------------------------------
Bob Withers
[EMAIL PROTECTED]
http://www.pobox.com/~bwit

Two things are infinite: the universe and human stupidity, and I'm not sure
about the universe.     - Albert Einstein
------------------------------------------------------------------------


On Sunday, April 25, 1999 3:52 AM, qian jianhua [SMTP:[EMAIL PROTECTED]]
wrote:
Hi, I am now writing a servlet program, using JDBC SQL Statement to insert
data into a database. The following is part of my code,

String question=req.getParameter("customer_question");

Statement stmt=con.createStatement();
String query= "INSERT INTO customer(customer_question)"+"values ('"+question+"')";
stmt.executeUpdate(query);

"customer_question" is the name of a text field in the form of my .html
file involving the servlet program. If I type "What's your name?" into the
text field and submit the form to activate the servlet, then I find the
servlet can't pass through this statement "stmt.executeUpdate(query);". I
used try{}catch(SQLException e) {}, and was told that "count field
incorrect". So, I guess the "'" mark in my input is the reason for my
problem. In fact, the """ mark can also cause some problem, though not
"count field incorrect". So far I don't know whether other symbol
characters will cause the query statement to fail.

Could you help me to solve the problem, so that I can input any character
into the text field and execute the Update statement successfully?

Thank you for your time!

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
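
An added example, not code from either message in this thread: it runs the concatenated INSERT from the question and the PreparedStatement INSERT from the reply against the same constructed inputs and reports what each one stores. Assumptions: args[0] is the JDBC URL of a scratch database whose driver is on the classpath, and the class and helper names are hypothetical.

```java
import java.sql.*;
import java.util.*;

public class QuoteSafeInsert {
    // Form from the question: the input becomes part of the SQL text.
    static void insertConcatenated(Connection con, String q) throws SQLException {
        try (Statement stmt = con.createStatement()) {
            stmt.executeUpdate("INSERT INTO customer (customer_question) VALUES ('" + q + "')");
        }
    }

    // Form from the reply: the SQL text is fixed and the input is bound as data.
    static void insertBound(Connection con, String q) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(
                "INSERT INTO customer (customer_question) VALUES (?)")) {
            ps.setString(1, q);
            ps.executeUpdate();
        }
    }

    // Returns the table's rows and empties it, so each attempt is checked on its own.
    static List<String> drain(Connection con) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (Statement st = con.createStatement()) {
            ResultSet rs = st.executeQuery("SELECT customer_question FROM customer");
            while (rs.next()) rows.add(rs.getString(1));
            st.executeUpdate("DELETE FROM customer");
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database (not a production one).
        try (Connection con = DriverManager.getConnection(args[0])) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate("CREATE TABLE customer (customer_question VARCHAR(255))");
            }
            // Constructed inputs; the third is parsed as an expression where || joins strings.
            for (String q : new String[] {"What's your name?", "She said \"hi\"", "a' || 'b"}) {
                try {
                    insertConcatenated(con, q);
                    System.out.println("concatenated stored " + drain(con) + " for input: " + q);
                } catch (SQLException e) {
                    System.out.println("concatenated failed for input: " + q + " -> " + e.getMessage());
                }
                insertBound(con, q);
                System.out.println("bound stored verbatim: " + drain(con).equals(List.of(q)));
            }
        }
    }
}
```

The third input is the case to watch for in review: the concatenated statement may succeed yet store something other than what was typed, because the apostrophe ends the string literal and the rest of the input is parsed as SQL.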
